
We’ve talked about the importance of choosing a good password before, and we’re happy to make this point again. Of course you should avoid using passwords like ‘secret’ or ‘12345’. Everybody else is using them and rest assured: hackers are well aware of that. In addition, you should be careful not to use any personal information: anyone who knows you well enough to know your birthday or the names of your kids or favourite pets could have an easy way into your account.

It seems like Donald Trump did not receive this particular word of advice. A Dutch hacker was able to access his Twitter account after no more than 5 tries to guess his password! After entering the password ‘maga2020!’ (from his well-known campaign slogan: Make America Great Again), security expert Victor Gevers found himself having unrestricted access to the president’s 87 million followers. Amazingly, this was not the first time Gevers pulled this off: in 2016 he also managed to log in to Trump’s account using the password ‘yourefired’, the catchphrase from the hit TV series The Apprentice, which made Donald famous at the time.

If one hacker can accomplish this in a matter of minutes, just imagine what havoc a dedicated army of state-sponsored Chinese, Russian, or North Korean hackers could wreak on the accounts of the President of the United States.

The moral of this story: don’t be like Donald. Use a password manager to generate and store strong passwords, and enable two-factor authentication when you can!

Update: after posting, I found an interesting article on the Vrij Nederland website, explaining more about Gevers’ approach as an ethical hacker and his commitment to responsible disclosure. Meanwhile Twitter claims to see no evidence of this hack.

December 17, another update: after this news was initially released, it caused quite some controversy. Many people didn’t believe any of this really happened and suspected Gevers of boasting, while others pointed out his respected reputation in the field of cyber security. Twitter denied seeing evidence of the hack, as I added to the story at the time. The White House also issued a denial, which I didn’t add, as I prefer to report from reliable sources only. In what will perhaps be the final word, the Dutch Ministry has now confirmed, based on an investigation by the national police’s High Tech Crime unit, that this hack did in fact take place.