A security researcher reportedly logged in to President Trump's Twitter account last week by guessing the password—it was "maga2020!"—and then alerted the US government that Trump needed to upgrade his Twitter security practices.
Security researcher Victor Gevers reportedly guessed Trump's password on the fifth attempt and was dismayed that the president had not enabled two-step authentication. The news was reported today by de Volkskrant, a Dutch newspaper, and the magazine Vrij Nederland. Both reports had quotes from Gevers, while Vrij Nederland also published a screenshot that Gevers says he took when he had access to the @realdonaldtrump account.
Gevers reportedly gained access to Trump's Twitter account on Friday last week. He says he tried passwords such as "MakeAmericaGreatAgain" and "Maga2020" before hitting on the correct password of "maga2020!" Gevers is a well-known security researcher and has been quoted in several Ars articles on other security topics going back to 2017. He is a researcher at the nonprofit GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure.
"I expected to be blocked after four failed attempts" or at least be "asked to provide additional information," Gevers said, according to de Volkskrant. The report said:
"The Dutchman alerted Trump and American government services to the security leak. After a few days, he was contacted by the American Secret Service in the Netherlands. This agency is also responsible for the security of the American President and took the report seriously, as evidenced by correspondence seen by de Volkskrant. Meanwhile Trump's account has been made more secure."
Trump account tweeted satire article about Biden
On the same day Gevers allegedly hacked into Trump's Twitter account, the account tweeted a satirical article by the Babylon Bee titled, "Twitter Shuts Down Entire Network To Slow Spread Of Negative Biden News." Trump was seemingly fooled by the satirical news site, but the Vrij Nederland article suggests the tweet might have been sent by Gevers when he had access to Trump's profile.
"I am not saying I did it," Gevers said, according to Vrij Nederland. "But what if I was the one to post the tweet? Then Trump will need to either admit to never having read the Babylon Bee article and posting this bullshit tweet, OR he will need to acknowledge that someone else posted the tweet." The tweet still has not been deleted.
Twitter today said it has "seen no evidence to corroborate this claim" that Trump's account was hacked, according to an article by The Independent. But Twitter also said it has "proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government."
Twitter's statement doesn't disprove Gevers' claim. We contacted Gevers today, and he confirmed to Ars that he logged in to Trump's Twitter account using the password "maga2020!" and that this was the "second time in four years" that he accessed Trump's Twitter account. Gevers and two other researchers say they got into Trump's Twitter account in 2016 by obtaining his password from a data breach, with the password at that time being "yourefired."
White House Deputy Press Secretary Judd Deere also denied Gevers' claim, telling Forbes, "This is absolutely not true, but we don't comment on security procedures around the president's social media accounts."