[imagesource: Getty Images / CNN]

Imagine if somebody hacked Donald Trump’s Twitter account, and started posting wild conspiracy theories, baseless accusations, and unhinged rants?

How would we ever know?

A Dutch security researcher named Victor Gevers claims to have already gained access to Trump’s personal Twitter account, twice, simply by guessing the president’s password.

Most recently, he says he gained access last week, after guessing right on his fifth attempt. The password was ‘maga2020!’.

According to TechCrunch, Gevers is “a security researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, which finds and reports security vulnerabilities”:

The account was not protected by two-factor authentication, granting Gevers access to the president’s account.

After logging in, he emailed US-CERT, a division of Homeland Security’s cyber unit Cybersecurity and Infrastructure Security Agency (CISA), to disclose the security lapse, which TechCrunch has seen. Gevers said the president’s Twitter password was changed shortly after.

He says that two days after he accessed the account, the Secret Service got in touch and thanked him for bringing the security problem to their attention.

Gevers shared this screenshot, saying it’s from inside Trump’s account:

He showed an amazing amount of self-control in not tinkering with that bio.

Gevers claim to have previously gained access to Trump’s account back in 2016:

…when Gevers and two others extracted and cracked Trump’s password from the 2012 LinkedIn breach. The researchers took his password — “yourefired” — his catchphrase from the television show “The Apprentice” — and found it let them into his Twitter account.

Gevers reported the breach to local authorities in the Netherlands, with suggestions on how Trump could improve his password security.

One of the passwords he suggested at the time was “maga2020!” he said. Gevers said he “did not expect” the password to work years later.

If I had to guess what the password is now, I’d say it’s a toss-up between ‘ButHerEmails’ and ‘chinavirus’.

In response to questions, Judd Deere, a deputy press secretary at the White House, said the claims are “absolutely not true”.

A spokesperson for Twitter said they haven’t seen sufficient evidence to verify Gevers’ claims, adding that the site “proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government”.

See, Gevers should have tinkered with that bio, if only for a brief moment, in order to prove his claims.

[source:techcrunch]