Security Researcher Claims He Hacked Trump’s Twitter Using Password ‘maga2020!’

Security Researcher Claims He Hacked Trump’s Twitter Using Password ‘maga2020!’
Photo: Melissa Sue Gerrits, Getty Images

A Dutch security researcher is claiming that he was able to gain access to President Trump’s Twitter account last week. Allegedly, the only vulnerability he discovered was Trump’s total lack of concern for security. The researcher says that all he had to do was guess that the password was “MAGA2020!”

The Dutch newspaper de Volkskrant broke the news on Thursday, reporting that Victor Gevers was going about his ethical hacking business when he saw the reports about Hunter Biden’s laptop being hacked or stolen or whatever Rudy Giuliani says. Gevers, who is a researcher at the GDI Foundation and chair of the Dutch Institute for Vulnerability Disclosure, said he proceeded to do a little security spot check on valuable Twitter accounts and within minutes he discovered the keys to Trump’s kingdom. It reportedly only took four failed guesses before he hit on the password, and allegedly no two-factor authentication was in place. Being an ethical dude, Gevers said he contacted the proper authorities at Homeland Security.

It’s a wild story, to be sure. Gevers did not immediately respond to our request for more details, but screenshots allegedly documenting his time perusing the Trump account were reviewed by de Volkskrant and TechCrunch, and many authorities in the cybersecurity industry vouched for Gevers professional acumen. He’s known on the Gizmodo staff as reliable after he discovered vulnerabilities in the Oman stock exchange, tracked MongoDB database attacks, and discovered a face recognition database tied to China’s monitoring of its Muslim population. Oh, and Gevers claims to have done this before.

In 2016, Gevers was one of three researchers who claimed to have broken into Trump’s Twitter after using a password (“yourefired”) exposed in a 2012 LinkedIn hack. He told TechCrunch that after the embarrassing alleged security blunder, he suggested some stronger passwords to Dutch authorities handling the matter. He didn’t expect that one of his suggestions, “maga2020!”, would actually find its way into use.

Or did it? In an emailed statement, a Twitter spokesperson said that the company has “seen no evidence to corroborate this claim, including from the article published in the Netherlands today. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.” The proactive measure thing is referring to a new layer of security Twitter implemented for some accounts after numerous accounts belonging to powerful people were breached in July.

The White House is also denying the president’s account was compromised. TPM reporter Matt Shuham shared a statement from White House Deputy Press Secretary Judd Deere, saying, “This is absolutely not true but we don’t comment on security procedures around the President’s social media accounts.” Just the kind of internally inconsistent statement one would expect from an administration that for the last two weeks has had its own people arguing in court that the president’s statements simply can’t be trusted.

And while we’re on the subject of not trusting the president’s statements, there’s one more intriguing detail to the latest alleged breach. Trump was trending on Twitter last Friday as he was getting roasted for a post that seemed to indicate he doesn’t understand that the Babylon Bee is a satirical news outlet:

Speaking with the Dutch outlet Vrij Nederland, Gevers was coy about whether he was responsible for the particularly boneheaded tweet. The researcher reportedly posted some now-deleted tweets that morning that indicate he was taking credit for it and saying that it’s now served its purpose. “I am not saying I did it. But what if I was the one to post the tweet? Then Trump will need to either admit to never having read the Babylon Bee article and posting this bullshit tweet, OR he will need to acknowledge that someone else posted the tweet,” Gevers told the outlet. Never one to admit fault, Trump later tweeted, “Big T was not a reference to me, but rather to Big Tech, which should have been properly pointed out in Twitter’s Fake Trending Section!”

At this time, we can’t confirm who’s telling the truth in all this. But we know that Twitter and the White House have national security concerns to keep in mind while Gevers has no obvious motivation to tarnish his reputation just to claim that the dumb president did the dumb thing again. In the time it’s taken to post this, there’s another dumb thing happening on the president’s timeline, so we’ll probably all have forgotten about this by dinner.