There’s an extraordinary story in the security world today.
In fact, it’s so extraordinary that I’m also inclined to believe that it cannot possibly be true. But then, this is 2020… and I’m losing all sense of reality, so maybe it is true.
According to Dutch magazine Vrij Nederland (VN), in 2016 three ethical hackers, known only as Edwin, Mattijs and Victor, scoured the password database that had leaked out of LinkedIn a few years before.
In it, they found a hashed password that appeared to belong to one [email protected]. And having managed to extract the password from the hash, they attempted to see if it would unlock the then US Presidential candidate’s Twitter account.
Here’s what happened according to Vrij Nederland, courtesy of Google Translate:
With the program John the Ripper – a tool that hackers use to crack hashes – Mattijs retrieved the password in less than a second: yourefired
Before anyone could say anything, Edwin was tapping.
The password was accepted, as an extra verification step an e-mail address had to be entered.
But that address was wrong. Edwin nearly fell off his chair. This meant that Trump had not changed his password after the 2013 ‘hack’.
When the three men entered the correct email address for the account ([email protected]) they were – fortunately – blocked from accessing the account. But only because Twitter noticed they were trying to log in from Europe, and Trump himself had last logged in from New York.
Imagine you were a reality TV star who was well known for a catchphrase. Would you use that catchphrase for your password?
That would clearly be a very silly thing to do. But it’s even worse to use that same weak password in multiple places online.
And there are no words in existence to describe how stupid it would be to be so reckless with your password security if you were in the running to become the next President of the United States of America.
Oh, and it’s not just Trump of course. Let’s not forget that Mark Zuckerberg infamously used the same dumb password (“dadada”) on several of his social media accounts, which hackers were able to exploit in mid-2016.
h/t: The Register, and thanks to @seesdeadpeeps for the “Yourefired1 now” joke.
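An added example, not from the original article or from Vrij Nederland: it shows, from the service's side, that a fast unsalted hash gives the same digest for the same password on every account, while a salted slow KDF does not, and how a signup check can reject catchphrase-style passwords even with a digit tacked on. The unsalted SHA-1 scheme is an assumption (the article does not say how the leaked hashes were stored), and the denylist, policy function and work factor are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

# Constructed denylist standing in for a breached-password corpus.
DENYLIST = {"yourefired", "dadada", "password", "letmein"}
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def unsalted_sha1(password: str) -> str:
    """Weak storage (assumed scheme): fast and unsalted."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger storage: per-user random salt plus a slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def normalize(password: str) -> str:
    """Fold case and drop trailing digits/punctuation ('Yourefired1!' -> 'yourefired')."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def accept_new_password(password: str, min_len: int = 12) -> Tuple[bool, str]:
    """Hypothetical signup policy: denylist on the normalized form, then a length floor."""
    if normalize(password) in DENYLIST:
        return False, "appears in breached-password list"
    if len(password) < min_len:
        return False, "too short"
    return True, "ok"

def digests_match_across_accounts(password: str) -> Tuple[bool, bool]:
    """Same password on two accounts: (unsalted digests equal, salted digests equal)."""
    weak = unsalted_sha1(password) == unsalted_sha1(password)
    (_, a), (_, b) = hash_password(password), hash_password(password)
    return weak, a == b

if __name__ == "__main__":
    print(accept_new_password("Yourefired1"))
    print(accept_new_password("correct horse battery staple"))
    print(digests_match_across_accounts("yourefired"))
```

Neither measure helps if the same password is reused on a site that stores it badly, which is why a unique password per account still matters.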
Spelling mistakes 😔
This article is a total lie with the sole purpose to make Trump look stupid. If that were his password, the rest of the world is even dumber for not figuring it out sooner. I'm sure thousands of people and even foreign governments were trying daily to hack his accounts. Don't believe this trash the left is putting out there.
Obviously Simba you have not an ounce of knowledge about security and possibly the politics of Europe or for the rest of the world (compared to America). You see liberal (though you used the word left this will almost certainly still shock you .. assuming you believe it but I assure you it is true) is not what you think it is anywhere else. The Liberal Party of John Howard in Australia years ago. He was further right than Reagan. I know it's hard to believe for people who believe that everyone else is the same but that's a view that is not true.
As for this article anyone worth their salt (a pun. you unfortunately probably won't have a clue about) can tell that this is real. What they described is EXACTLY how it works.
This has absolutely nothing to do with politics but that's what you're making it out to be. Security isn't politics. Just because someone doesn't like something doesn't make it politics.
This was a stupid move. Not that he's the only one. There's even an afghan (or something like it) with a bunch of stupid passwords on it just to highlight stupid passwords. This includes people on all political sides too. No. You're simply wrong.