Dutch prosecutors confirmed Wednesday that President Donald Trump’s Twitter account was indeed hacked by a so-called “ethical hacker” who didn’t have to work too hard to guess Trump’s password: “maga2020!”
It only took the hacker five tries to guess the correct password, and he was kind enough to tell Donald Trump’s team to activate two-factor authentication afterward.
Victor Gevers, a Dutch security expert, cooperated with investigators from the Dutch Public Prosecution Service in November and freely released information and screenshots pertaining to the Oct. 16 hack.
“He … stated to police that he had investigated the strength of the password because there were major interests involved if this Twitter account could be taken over so shortly before the presidential election,” Dutch authorities told the BBC on Wednesday.
I've tried to notify multiple times because of your passwords for Twitter are too weak. Last Friday, I contacted @CISAgov, @TeamTrump, @WhiteHouse, @DonaldJTrumpJr, and @twittersecurity, just like in Oct 2016. But no one responds. Please keep 2FA enabled! https://t.co/DRCCS8NAa4
— Victor Gevers (@0xDUDE) October 19, 2020
Gevers said in October that he guessed Trump’s password on his fifth attempt. Gevers told De Volkskrant that he had logged into Trump’s account once before, in 2016, after guessing the password “yourefired,” and that he was acting with good intentions to test the security of verified Twitter accounts.
Once Gevers accessed the account with relatively little trouble, he reportedly contacted the Trump campaign team and suggested it enable two-factor authentication and change the password to something more complex, like “! IWillMakeAmericaGreatAgain2020 !”
Two-factor authentication was enabled the following day, Gevers said. Trump’s team initially failed to answer Gevers, but Secret Service officials eventually thanked him for exposing the vulnerability.
The White House denied Gevers’ claims in October, and Twitter said at the time that there was no evidence to support claims of a hack.
A Twitter spokesperson told the press on Thursday that the company “proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”