Twitter said it had seen ‘no evidence’ to corroborate claims that Donald Trump’s Twitter account was accessed by a security researcher.
On Thursday (22 October), cybersecurity researcher Victor Gevers told TechCrunch that he managed to guess the Twitter password of US president Donald Trump and gain access to the account.
Gevers, who is chair of the Dutch Institute for Vulnerability Disclosure and a researcher at the GDI Foundation, told the publication that Trump’s account was not protected by two-factor authentication.
The security researcher claimed that he immediately contacted Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to report that he managed to access the account, using the password ‘maga2020!’.
Dutch magazine Vrij Nederland first reported the story and published screenshots that Gevers claimed showed him accessing the US president’s Twitter account. While Gevers’ claims were published widely by Dutch and US news platforms, both Twitter and the White House have denied that Gevers managed to access Trump’s account.
Denying the claims
In a statement, a spokesperson for Twitter said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today.
“We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
White House deputy press secretary Judd Deere also told The Verge: “This is absolutely not true, but we don’t comment on security procedures around the president’s social media accounts.”
Vice noted some inconsistencies in Gevers’ claims. It reported that the bio displayed on the president’s profile in the researcher’s screenshots was different to Trump’s actual Twitter bio at the time of the reported hack.
The publication also pointed out that Twitter’s criteria for a strong password suggest that users should use at least 10 characters, while the alleged ‘maga2020!’ password is only nine characters long. Twitter did not respond when Vice asked whether a strong password is required for a high-profile, election-related account.
Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Vice’s Motherboard that it would be unusual for Twitter to fail to log the IP and device information for every new login, records that can be used to detect potential unauthorised access.
Gevers also claimed that he accessed Trump’s Twitter account in October 2016. Working with two other hackers, Gevers said that he successfully guessed the president’s password, but because the trio had not masked their location or IP address, Twitter asked them for an email address verification. This stopped them from using the account, according to Forbes.
Previous hacking incidents
Trump’s personal Twitter account was previously hacked in 2013, when a hacker published Lil Wayne lyrics. The tweet was immediately deleted and a spokesperson said that authorities were investigating the incident.
My Twitter has been seriously hacked— and we are looking for the perpetrators.
— Donald J. Trump (@realDonaldTrump) February 21, 2013
Trump mentioned Twitter hacking at a rally in Arizona earlier this week, while commenting on how C-SPAN political editor Steve Scully was suspended after he falsely claimed his Twitter account was hacked.
“Nobody gets hacked,” Trump said. “To get hacked you need somebody with 197 IQ and he needs about 15pc of your password.”
TechCrunch noted that in addition to Trump’s personal Twitter account being hacked before, his hotel chain has also been hacked twice, with incidents that revealed credit card details, guest names, email addresses, phone numbers and other details.