Fraud Management & Cybercrime , Multi-factor & Risk-based Authentication , Security Operations

White House Denies Trump's Twitter Account Was Hacked

Dutch Ethical Hacker Claims He Gained Access, But Twitter Says There's No Evidence
White House Denies Trump's Twitter Account Was Hacked

The White House and Twitter are both debunking claims by a Dutch ethical hacker that he accessed President Donald Trump's Twitter account earlier this month by guessing the password, enabling him to obtain full privileges and capture screenshots.

See Also: Double-Click on Risk-Based Cybersecurity

White House spokesman Judd Deere tells Information Security Media Group: "This is absolutely not true."

Meanwhile, Twitter tells The Independent there is no evidence that the account access took place.

Researcher’s Claims

Victor Gevers, a security researcher at the GDI Foundation and chairman of the Dutch Institute for Vulnerability Disclosure, tells the local magazine Vrij Nederland that it took only five guesses before he hit on the password "maga2020!" to gain access to @RealDonaldTrump Twitter accounts. Gevers claims that he had the ability to change the password and profile picture and could have downloaded Trump's Twitter history, which would have included the direct messages associated with the account.

Gevers also asserts that Trump's account lacked multifactor authentication. He says he attempted to contact the White House and other government agencies to warn them of the issue. A screenshot posted by Vrij Nederland purportedly shows Gevers in the administrative section of the account where he was able to place his cursor next to Trump's name.

Deere, the White House spokesman, would not give any details on whether the president’s account used multifactor authentication. "We don’t comment on security procedures around the president’s social media accounts," he tells ISMG.

President Trump uses his @RealDonaldTrump Twitter account, which has 87 million followers, as one of his main communication methods.

Earlier Twitter Hack Incident

Back in July, Twitter’s security procedures were called into question when 130 high-profile accounts were compromised as part of a cryptocurrency scheme. Twitter's investigation found the attackers "successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections" (see: Twitter Hijackers Used Well-Honed Fraudster Playbook).

About 360 people lost almost $130,000 in the scam. Two of those responsible were arrested and a third was charged but remains at large (see: 3 Charged in Twitter Hack).

In September, India's Prime Minister Narendra Modi's Twitter account was taken over and used for a similar scam (see: Another Twitter Hack: This Time, India's Modi Targeted).

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.