Donald Trump’s Twitter account was allegedly hacked, after a Dutch researcher correctly guessed the president’s password: “maga2020!”, Dutch media reported.
Security researcher and ethical hacker Victor Gevers could access to Trump’s direct messages, post tweets in his name and change his profile, De Volkskrant newspaper reported. Four years ago, Gevers, along two other Dutch ethical hackers, also hacked Trump's account.
Gevers, who allegedly tried four times before using the "correct" password, says, “I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information,” Gevers told De Volkskrant. Gevers told De Volkskrant that President Trump was not using basic security measures such as multi-factor authentication. According to the news report, Gevers desperately reached out to Donald Trump to warn him, which turned out to be an impossible task.
In a statement, a Twitter spokesperson denied the hack: "We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government."
Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider, explains, “A security-savvy team would assume that these controls were important and would likely opt to use a strong password as well as MFA to reduce the likelihood of account takeover attacks. However, in the event users of the account opted for convenience over safety, it is not Twitter's responsibility to force people to pick strong passwords or to actually implement the security features they offer to users. Twitter's job is to offer a secure platform and strong security features, which they do. If people are unable to convince the President to wear a mask during a pandemic, it's unlikely they could force him to use a strong password.”