Last week, Victor Gevers, a Dutch cyber security researcher at the GDI Foundation, managed to access President Donald Trump’s Twitter account @realDonaldTrump by guessing the password: ‘maga2020!’
According to Gevers, his fifth attempt succeeded.
Since no 2FA protection was in place, Gevers was able to proceed to Trump’s account dashboard.
His intent was not to cause any damage – rather, he notified US-CERT, a division of Homeland Security’s cyber unit CISA, straight away to disclose the security lapse.
Trump’s password was changed shortly thereafter.
This was not the first time that Gevers had managed to gain access to his account – the first successful login took place in 2016.
At the time, Gevers and two others managed to crack the password with the help of data from the 2012 LinkedIn breach.
Trump’s password at the time turned out to be “yourefired”, his catchphrase from the TV show The Apprentice.
Gevers reported his findings to the local authorities in the Netherlands and suggested how Trump could improve his password security.
One of his suggestions was ‘maga2020!’
Gevers said that he “did not expect” the password to work several years later.
Ian Plunkett, a Twitter spokesperson, explained that the platform implemented account security measures aimed at high-profile, election-related accounts belonging to US individuals.
In addition, Twitter encourages these individuals to turn on two-factor authentication.
Trump’s Twitter account was secured with extra security measures as he assumed his role as president.
The fact that his account remained untouched during July’s cryptocurrency scam – which was initiated by hackers who abused an admin tool to hijack high-profile accounts – supports this statement.
Judd Deere, a White House deputy press secretary, has said that the story is “absolutely not true”, though he did not comment on Trump’s social media security.