Twitter says it has “no evidence” that Donald Trump’s account was hacked, after an ethical hacker claimed to have broken into it using just the password “maga2020!”.
Juddson Deere, the White House deputy press secretary, also told The Independent that the claims by the hacker are “absolutely not true but we don’t comment on security procedures around the President’s social media accounts.”
Victor Gevers, a security expert, claimed to have had access to the president’s direct messages, could change his profile, and tweet, according to de Volkskrant, which reported that it had seen screenshots from the president’s account.
It only took the hacker five attempts to guess the president’s password, he claimed.
Gevers apparently alerted Mr Trump and US governmental services about the breach, and was then contacted by the Secret Service.
Mr Trump did not reply to an email sent to him by Gevers advising him to choose a more secure password, he said.
The president’s account has reportedly been made more secure.
According to Gerver’s claims, the account had previously not had two-step authentication activated for the account, which requires that a login be verified via access to another personal device such as a physical security key or authenticator app on another computer.
Gevers was one of three hackers who accessed president Trump’s account in 2016, when the accounts password was reportedly “yourefired”.
“That we would succeed in doing it again so soon, was not planned,” he told de Volkskrant.
“I expected to be blocked after four failed attempts. Or at least would be asked to provide additional information.”
The hacker was apparently shocked that it was possible for him to so easily access the president’s account.
“Why is it possible for someone from a different time zone to log into such an important account? Why doesn’t Twitter demand better passwords? If I can access his account, then foreign nations can do so as well, right? Why aren’t the persons who are supposed to protect the president informed when someone reports that his account is unsafe?” he said.
Contacted by The Independent, Mr Gevers refused to provide firm evidence that he had access to the account, such as emails with the Secret Service or screenshots that could only be taken when logged in as Mr Trump.
“We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today”, Twitter said in a statement.
“We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Twitter would not specify what measures have been taken to secure such accounts.
High-profile Twitter accounts have been compromised in the past.
Scammers were able to take control of users’ accounts and ask for users to send $1,000 to a Bitcoin account with the promise that their deposit would be doubled in return.
Mr Trump recently claimed that “nobody gets hacked” at a campaign event in Tucson, Arizona.
“Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password,” Mr. Trump said.
Hackers can get credentials via keyloggers (tools that secretly record every key you press), phishing (a method of tricking you into giving up your personal information), and third-party data breaches.