Today in "Well, this seems bad!" a Dutch researcher was able to hack into Donald Trump's official Twitter account simply by guessing his password. It took him five tries.
And the password holding the key to the voice of the President of the United States was, too predictably, "maga2020!" You'd think there would be measures in place to make sure it was a little harder to hack the platform the president uses constantly in order to speak to the people. But that was apparently not the case.
"Imagine the security risk," indeed. The Guardian reports that Victor Gevers, a security expert, could easily log in. Once the password worked, he had "access to Trump's direct messages, could post tweets in his name and change his profile."
He gained access simply by guessing Trump's password. His fifth attempt, "maga2020!" worked like a charm. You'd think that maybe there would be extra security measures around Trump's Twitter account, but this is the second time in four years that Gevers has been able to access Trump's Twitter account.
It's way too easy, and Trump's ridiculously regular password doesn't help matters. "I expected to be blocked after four failed attempts," Gevers said. "Or at least would be asked to provide additional information."
But he wasn't, which, Gevers said, suggests that Trump wasn't using even basic two-step verification, something that's very common and easy to set up. In two-step verification, you usually provide a phone number; a code is sent to it, and you have to enter that code on top of your password before the login is accepted.
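The two controls Gevers says he expected, sketched as an added example (not from the article, and not Twitter's implementation): a login flow that locks after four failed attempts and treats a correct password as only the first step. The class name, the threshold constant and the simulated SMS outbox are assumptions made for illustration.

```python
import hashlib, hmac, secrets

MAX_FAILURES = 4  # assumed lockout threshold: a block after four failed attempts

class LoginGuard:
    """Toy login flow: failed-attempt lockout plus a one-time second-step code."""

    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.failures = 0
        self.pending_code = None  # code issued for the login in progress, single use
        self.outbox = []          # stands in for the SMS channel (assumption)

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password):
        if self.failures >= MAX_FAILURES:
            return "locked"       # even the right password is refused now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            self.failures += 1
            return "denied"
        # A correct password is only step one: issue a code, grant nothing yet.
        self.pending_code = f"{secrets.randbelow(10**6):06d}"
        self.outbox.append(self.pending_code)
        return "code_required"

    def verify_code(self, code):
        if self.failures >= MAX_FAILURES:
            return "locked"
        if self.pending_code is None:
            return "no_login_pending"
        ok = hmac.compare_digest(code.encode(), self.pending_code.encode())
        self.pending_code = None  # single use, whether the code was right or wrong
        if not ok:
            self.failures += 1
            return "denied"
        self.failures = 0
        return "ok"

def replay(guard, guesses):
    """Return the guard's answer to each password guess, in order."""
    return [guard.login(g) for g in guesses]
```

With the lockout in place, a correct fifth guess is refused; with the second step in place, a correct first guess still grants nothing without the code.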
But Trump didn't even have that set up. Gevers was able to gain access to Trump's enormous audience with five guesses. So Gevers immediately tried to warn Trump and his team, but that proved kind of hard to do.
"So, he tries to warn others," writes Dutch paper De Volkskrant. "Trump's campaign team, his family. He sends messages via Twitter asking if someone will call Trump's attention to the fact that his Twitter account is not safe. He tags the CIA, the White House, the FBI, Twitter themselves. No response."
A day later, Gevers noticed that two-step authentication had been activated, and then two days after that, the Secret Service finally got in touch to thank him for bringing the problem to their attention.
Yikes. The worst part is that this wasn't the first time Gevers himself got into the president's account. In 2016, he and a couple other people guessed that Trump's password was "yourefired."
"Almost absentmindedly, [a Dutch researcher] tried a number of passwords and their variations. On the fifth attempt: bingo! He tries 'maga2020!' and suddenly finds himself in the Twitter account of the American President. He is flabbergasted." https://t.co/ubg0HZTYl5 - Matt Viser (@mviser), October 22, 2020
After that first hack (or even before!), there should have been more security measures in place than just having the president change his password every once in a while to another easy-to-guess phrase.
For what it's worth, Twitter says they've found "no evidence" of a hack into Donald Trump's Twitter account, although maybe that's because Gevers' "hack" was really just another sign-in.
In a statement, Twitter said, "We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government."