President Trump’s Twitter accessed by security expert who guessed password "maga2020!"

This is fairly mind blowing.

Source: https://techcrunch.com/2020/10/22/dutch-hacker-trump-twitter-account-password/

The account was not protected by two-factor authentication, granting Gevers access to the president’s account.

It's also pretty remarkable that the account hadn't already been discovered (that we know of).

Wouldn't this be an account subject to constant attack like this? Lots to unpack here.

Comments

[Junxiao Shi]

My password is o7j7k3w5. I post it on Twitter and forums, so that I can just look for this comment when I forget.
Please do not transfer my money or use my calling account, honor system, thanks.

[Fernando B 🚀]

The article said he changed shortly afterwards, password is probably maga2021 now. Is mind blowing that POTUS doesn't have two factor authentication. Just dumb. And these people "run" the country. 🤣

[Tom Pearson]

In the grand scheme of things, to me, that he doesn’t use 2fa is one of the least mind blowing things about this President.

[Mihail Malo]

And blindly believing the claims that he got hacked (or that this or the previous mentioned password in the article were ever his password) isn't "Just dumb"?

[Fernando B 🚀]

I mean without getting into a political debate, he's done quite a few dumb things in the last 4 years. I wouldn't be surprised if he got hacked at all.

[Mihail Malo]

I wouldn't be surprised, but I'd expect massive evidence.

[Ben Halpern]

I was once (legitimately) told the password to major media brand's social account, and the password was "name of brand" + "two character number".... It was the least secure thing I could imagine, and it was passed around in emails.

But this is still another level.

[David Harting]

Wild that this indicates his team is not using a password manager.

[Douglas Parsons]

So what you're saying is we should all go and try brand names + 2 numbers for every popular brand we can think of?

[Mike Bybee]

I told everyone the biggest takeaway of 2016 was that we're screwed InfoSec-wise whether the Republicrats or Demopublicans win (everyone remembers Hillary's homebrew mail server, but Trump's campaign mail server running Win2k3 - again, in 2016 - got comparatively little attention).

[60MilesPerHour]

This is hilarious

[Sergey Kislyakov]

Doesn't Twitter enforce some security measures for important accounts (e.g. POTUS, politicians, etc.)?

[Sergey Kislyakov]

Well, it does. From the article:

In a statement, Twitter spokesperson Ian Plunkett said: “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”

[shadowtime2000]

Didn't his account get deleted by an annoyed Twitter employee once?

[Javier Riveros]

It was deactivated for around 11 minutes but not deleted.