The easiest way to gain control of a Twitter account isn’t to go password-guessing — it’s to hack the email address associated with the account, which controls password resets. So hypothetically speaking, if you were the leader of the free world and the owner of @POTUS, one of the few Twitter accounts that could conceivably trigger nuclear war, you’d probably want better security than one Gmail.
According to a screenshot from hacker and Twitter user @WauchulaGhost, @POTUS is tied to a personal Gmail account, seemingly that of Dan Scavino, Trump’s social media adviser. That Gmail account may or may not have two-factor authentication enabled, but either way, it’s a juicy and dangerous target for any hacker who might want to take advantage.
— WauchulaGhost 👻 (@WauchulaGhost) January 21, 2017
@WauchulaGhost was able to find Trump’s information through Twitter’s own password reset procedure, which reveals a redacted version of the email address tied to the account. According to a screenshot posted by the same user, Trump’s account was even less secure on the day of the inauguration, having two email addresses and a cellphone as possible account recovery options.
The White House has yet to comment on the issue.
@POTUS is not the only cybersecurity issue to come to light in recent days. Yesterday, the New York Times revealed that Trump still relies on an old Android phone — possibly even a Samsung Galaxy S3 — for Twitter purposes, which raises questions not just about the security of Trump’s account, but about the possibility of hackers using it to eavesdrop on the President.
Press Secretary Sean Spicer was also under fire after tweeting something that looked suspiciously like a password or authentication code from his official account. Spicer’s account also appears to be secured using only a cellphone and a Gmail account.
— Nash Across the 8th Dimension (@Nash076) January 26, 2017