Dutch prosecutors have confirmed that President Donald Trump’s Twitter account was indeed hacked by a so-called “ethical hacker” who didn’t have to work too hard to guess Trump’s password: “maga2020!”
Victor Gevers, a Dutch security expert, cooperated with investigators from the Dutch Public Prosecution Service in November and freely released information and screenshots pertaining to the Oct. 16 hack.
“He ... stated to police that he had investigated the strength of the password because there were major interests involved if this Twitter account could be taken over so shortly before the presidential election,” Dutch authorities told the BBC on Wednesday.
Hacking is a criminal offense in the Netherlands, but Gevers will not be prosecuted for his actions — likely because, after initiating the hack, he tried to contact U.S. authorities and offered advice on how to make Trump’s account more secure.
“The Public Prosecution Service believes the hacker has actually penetrated Trump’s Twitter account but has met the criteria that have been developed in case law to go free as an ethical hacker,” the service said in a statement.
Gevers said in October that he guessed Trump’s password on his fifth attempt. Gevers told De Volkskrant that he had logged into Trump’s account once before, in 2016, after guessing the password “yourefired” and was acting with good intentions to test the security of verified Twitter accounts.
Once Gevers accessed the account with relatively little trouble, he reportedly contacted the Trump campaign team and suggested it enable two-factor authentication and change the password to something more complex, like “! IWillMakeAmericaGreatAgain2020 !”
Two-factor authentication was enabled the following day, Gevers said. Trump’s team initially failed to answer Gevers, but Secret Service officials eventually thanked him for exposing the vulnerability.
The White House denied Gevers’ claims in October, and Twitter said at the time that there was no evidence to support claims of a hack.
A Twitter spokesperson told HuffPost that the company “proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”