UPDATED: Twitter is disputing the account of a security researcher in the Netherlands who claimed he accessed President Trump’s Twitter account — simply by guessing that the password was “maga2020!”
“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a Twitter spokesman said in a statement to Variety.
According to a report by Netherlands-based RTL News, Victor Gevers, a security researcher who chairs the Dutch Institute for Vulnerability Disclosure, successfully accessed Trump’s Twitter account on Oct. 16. The story included a screenshot purportedly taken by Gevers showing his ability to access of @realDonaldTrump’s settings.
Gevers — an “ethical hacker” — did not tweet private messages from Trump’s account but allegedly could have, per the RTL News account.
The Twitter rep said the company “proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.” That included “strongly” encouraging such accounts to enable two-factor authentication to protect them from unauthorized logins.
Popular on Variety
The White House also denied the alleged takeover of Trump’s Twitter account. “This is absolutely not true, but we don’t comment on security procedures around the president’s social media accounts,” a White House spokesman said.
Trump’s Twitter account has received “extra protections” in the wake of “past incidents,” the New York Times reported this summer. That was seemingly a reference to the brief deactivation of Trump’s handle in November 2017 by a Twitter contract worker (who later claimed he had disabled the president’s account by mistake). The @realDonaldTrump account was not among those compromised in a large-scale attack in July by cyberscammers that targeted 130 high-profile Twitter users.
According to Gevers, Trump’s account did not include two-factor security; Twitter’s two-factor authentication login settings sends a six-digit code to a user’s phone number that is required to log in to the service in addition to username and password. The researcher told TechCrunch that he guessed the president’s account password, allegedly “maga2020!”, on the fifth attempt. Per the report, Gevers contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to alert them to the issue.
Gevers claims he previously broke into Trump’s Twitter account in 2016 by using the password “yourefired,” which was culled from a security breach at LinkedIn in 2012.
The White House and the Trump campaign have not commented on the reported unauthorized access of Trump’s Twitter account.
Meanwhile, Trump — an avid Twitter power-user who sometimes posts dozens of times daily on the social network — is upset by Twitter’s recent actions to fact-check and block his tweets.
Trump also lashed out at Twitter over its blocking tweets linking to New York Post stories based on alleged emails from Hunter Biden, the son of Democratic president candidate Joe Biden. The paper said it obtained the material from Trump lawyer Rudy Giuliani (who got it from a laptop of unconfirmed origin that was abandoned in a computer-repair shop); Twitter said the stories ran afoul of its hacked-material policy. A day later Twitter reversed course, saying it was revising that policy, and unblocked some of the Post articles. But it’s still preventing tweets from linking to another story involving allegations of Hunter Biden’s dealings with a Chinese energy company.
That prompted Trump to step up his call for the repeal of Section 230 of the Communications Decency Act, which lets companies like Twitter and Facebook make content-moderation decisions for their platforms while shielding them from legal liability for user-posted material. “When government granted these protections, they created a monster!” the president tweeted last week. Joe Biden also has called for repealing Section 230 protections for social media platforms.
In May, Trump issued an executive order aimed at removing Section 230 immunity for social networks if they “censor” speech. FCC Chairman Ajit Pai on Thursday announced an official rulemaking proceeding to “clarify” how Section 230 applies to social media companies, claiming the commission has legal authority to do so (something that free-speech advocates say is false).
