When Twitter suffered a catastrophic high-level compromise this summer, many speculated on the reasons why President Trump’s account was left untouched. One possible explanation was that the platform had several additional security measures in place and that hacking it would be next to impossible for anyone.
A Dutch researcher named Victor Gevers claims otherwise, though, as he allegedly managed to gain access to Donald Trump’s account last week without having to bypass a two-step verification process.
As the man told the press, the password that was used by the U.S. President was “maga2020!”, which is a very short and weak password that would be very easy to brute-force. The researcher says he could post stuff or change the President’s profile details, but he chose to take some screenshots as evidence and informed the American government services instead. Twitter has denied that this event ever happened, but the researcher says he was eventually contacted by the American Secret Service in the Netherlands, who thanked him for the report.
If this really happened, it raises a number of serious and reasonable questions.
Related: Twitter Developers May Have Had Their Private Keys Exposed
Gevers had compromised the president’s Twitter account again in 2016, and he actually used the same email address that he had from back then, so not even that has changed. Back then, the password was “yourefired”, which was Trump’s reality TV show catchphrase, and so extremely easy to guess.
One more thing that’s very weird is that Gevers was the first person to break into Trump’s Twitter account. The U.S. President’s profile is targeted vigorously by malicious actors, and considering the apparent lack of any strong security safeguards, it is very strange that the Dutch researcher was the first to break in.