The Dutch researcher Victor Gevers guessed the password of President Trump’s personal Twitter account as MAGA2020 and noticed he did not use two-step verification.
Dutch cyber security researcher Victor Gevers has revealed that he managed to log into the Twitter account of the President of the United States, Donald Trump, after guessing its password, which turned out to be MAGA2020.
MAGA stands for Make America Great Again, President Trump’s campaign slogan used in his successful 2016 presidential election.
The researcher also revealed that Trump had not enabled 2-step verification on the account, meaning anyone who guessed the password could log into the account, make changes, and tweet whatever they wanted.
The Twitter account, which has 87 million followers, is a personal account of President Trump and has been super active since he became president in January 2017.
It is worth noting that in 2016, Gevers was able to log into Trump’s account by simply guessing its password. At that time, according to reports, Trump’s password was “yourefired.”
However, this time, the researcher was able to guess the password on the fifth attempt and successfully sign in without raising any alarm.
“I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information,” Gevers told Dutch newspaper De Volkskrant.
Gevers further noticed that, a day after he gained access to President Trump’s Twitter account, two-step verification was enabled on it. He was also contacted by the Secret Service as a gesture of gratitude for reporting the issue.
It started six years ago. And hopefully, it will be the last time in 2020. Please switch on two-factor authentication on all of your accounts.
— Victor Gevers (@0xDUDE) October 22, 2020
However, Twitter has denied the claim made by Gevers, stating:
“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Previous findings by Gevers
Previously, Gevers made news for identifying several high-profile unprotected databases in the wild. For instance, Gevers is the same researcher who, in February 2019, discovered a Chinese facial recognition database that was tracking the Muslim population in the country.
In March 2019, the researcher discovered an unprotected database labeled “BreedReady” containing personal and sensitive information of over 1.8 million Chinese women.
In September 2019, Gevers reported another misconfigured database leaking phone numbers of more than 419 million Facebook users.