Dutch Researcher Claims to Have Hacked Donald Trump’s Twitter Account

• A white-hat hacker has managed to access Donald Trump’s Twitter account using a simple password.
• The account was apparently not protected by 2FA, and the President used the same email he had back in 2016.
• The news of this hack is very peculiar because nothing matches logic and “standard” procedures.

When Twitter suffered a catastrophic high-level compromise this summer, many speculated on the reasons why President Trump’s account was left untouched. One possible explanation was that the platform had several additional security measures in place and that hacking it would be next to impossible for anyone.

A Dutch researcher named Victor Gevers claims otherwise, though, as he allegedly managed to gain access to Donald Trump’s account last week without having to bypass a two-step verification process.

As the man told the press, the password that was used by the U.S. President was “maga2020!”, which is a very short and weak password that would be very easy to brute-force. The researcher says he could post stuff or change the President’s profile details, but he chose to take some screenshots as evidence and informed the American government services instead. Twitter has denied that this event ever happened, but the researcher says he was eventually contacted by the American Secret Service in the Netherlands, who thanked him for the report.

If this really happened, it raises a number of serious and reasonable questions.

• First of all, how could Twitter not have a 2FA step in place for President Trump’s account, especially after all that happened this summer?
• Secondly, how could the American Secret Services, the CIA, and the agencies dealing with national security leave this in the president’s hands, failing to consult him on this crucially important matter?
• Thirdly, how could Gevers login from a country in Europe and not raise any fingerprint mismatch flags on Twitter?
• Finally, how did Twitter accept such a short and weak password for such a high-profile account?

Related: Twitter Developers May Have Had Their Private Keys Exposed

Gevers had compromised the president’s Twitter account again in 2016, and he actually used the same email address that he had from back then, so not even that has changed. Back then, the password was “yourefired”, which was Trump’s reality TV show catchphrase, and so extremely easy to guess.

One more thing that’s very weird is that Gevers was the first person to break into Trump’s Twitter account. The U.S. President’s profile is targeted vigorously by malicious actors, and considering the apparent lack of any strong security safeguards, it is very strange that the Dutch researcher was the first to break in.