Dutch edition Vrij Nederland said that the famous security specialist and head of the GDI Foundation, Victor Gevers (Victor Gevers) managed to pick up the password from the Twitter account of US President Donald Trump – it was the abbreviation "maga2020!", formed from the slogan "Make America great again".
Journalists TechCrunch asked Gevers for the details of what had happened, and he said that he found the password on just the fifth attempt, and the account was not protected by two-factor authentication, that is, the researcher really got access to the president's account. As proof of his words, the expert showed the journalists a screenshot, which can be seen below.
When the password guessing was unexpectedly successful, the researcher did not somehow harm or write messages on behalf of the president, instead he immediately reported the problem through all possible channels: he turned to US-CERT, the Agency for Cybersecurity and Infrastructure Protection, organized under the Department of Homeland Security USA (DHS CISA), FBI, Twitter support, even tried to find contacts in the White House and so on.
Interestingly, Gevers is guessing the password from Donald Trump's Twitter account for the second time… The first time an expert and his friends guessed a password was in 2016. Then the researchers relied on the data leaked from Linkedin in 2012, and were surprised to find that the password for Twitter is exactly the same as for Linkedin.
Now the expert says that in the end he did not receive answers from anyone (it was the same in 2016), but soon the password for the account changed, and two-factor authentication was also started.
TechCrunch journalists were never able to get official comments from the White House and Trump's campaign staff, only White House Deputy Press Secretary Judd Deere said the story was "absolutely untrue."
In turn, representatives of Twitter said that they have no evidence to support Gevers' statements or the material published by the Dutch edition. The company also emphasized that it is actively introducing various security mechanisms for the accounts of a certain group of known, election-related Twitter accounts. Last month on Twitter really promised, which will strengthen the security of the accounts of political candidates and government agencies, including encouraging the use of two-factor authentication (but, alas, not obliging to do this).