Trump's Twitter Hacked: Security Expert Guesses Password

A security researcher based in the Netherlands claims to have gained access to President Trump’s @realDonaldTrump Twitter account last week by successfully guessing the password: “maga2020!”

Victor Gevers, a security professional with the GDI Foundation and chairperson of the Dutch Institute for Vulnerability Disclosure – an organization dedicated to identifying and reporting security weaknesses – explained to TechCrunch that he correctly guessed the president’s account password on his fifth attempt.

The account lacked the protection of two-factor authentication, which allowed Gevers to access the president’s account.

Following successful login, he contacted US-CERT, the cyber unit within the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, to report the security issue. TechCrunch has reviewed a copy of this disclosure. Gevers stated that the president’s Twitter password was subsequently changed.

This marks the second instance of Gevers successfully accessing Trump’s Twitter account.

The first occurrence was in 2016, when Gevers and two colleagues obtained and deciphered Trump’s password from the 2012 LinkedIn data breach. The researchers discovered his password – “yourefired,” a phrase popularized during his time on the television program “The Apprentice” – granted them access to his Twitter account. Gevers alerted Dutch authorities to the breach and offered recommendations for enhancing the president’s password security. He even suggested “maga2020!” as a potential password at that time, noting he “did not expect” it to still be effective years later.

The initial report of this incident was published by Dutch news organization Vrij Nederland.

In a public statement, Twitter spokesperson Ian Plunkett indicated: “We have found no evidence to support this claim, including from the article published in the Netherlands today. We have proactively put in place account security measures for a select group of high-profile accounts related to the election in the United States, including accounts belonging to federal government branches.”

Twitter announced last month that it would strengthen security protocols for accounts belonging to political candidates and government officials, including promoting – though not requiring – the implementation of two-factor authentication.

It is reported that Trump’s account has been fortified with additional security measures since he assumed office, although Twitter has not publicly detailed the specifics of these protections. The account remained secure during a security breach in July, where hackers exploited an “admin tool” to compromise prominent accounts and promote a cryptocurrency fraud.

Representatives for the White House and the Trump campaign did not provide immediate comment. However, White House deputy press secretary Judd Deere reportedly dismissed the story as “absolutely not true,” while declining to address the president’s social media security protocols. A spokesperson for CISA also did not immediately confirm the report.

“It is remarkable that an individual capable of triggering international events and impacting financial markets through his Tweets would utilize such a straightforward password and forgo two-factor authentication,” commented Alan Woodward, a professor at the University of Surrey. “Considering his account was previously compromised in 2016 and he recently stated that no one has hacked him, the situation is strikingly ironic.”

Gevers has a history of reporting security vulnerabilities, including those found in a facial recognition database used for tracking Uyghur Muslims and a weakness within Oman’s stock exchange.

Updated with Twitter comment, and corrected the name of publication which first published the news.