“Yourefired” was Donald Trump’s Twitter password, claim hackers

Yourefired1 now.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

"Yourefired" - Donald Trump's poor password security

There’s an extraordinary story in the security world today.

In fact, it’s so extraordinary that I’m also inclined to believe that it cannot possibly be true. But then, this is 2020… and I’m losing all sense of reality, so maybe it is true.

According to Dutch magazine Vrij Nederland (VN), in 2016 three ethical hackers known only as Edwin, Mattijs and Victor, scoured through the password database that had leaked out of LinkedIn a few years before.

In it, they found a hashed password that appeared to belong to one [email protected]. And having managed to extract the password from the hash, they attempted to see if it would unlock the then US Presidential candidate’s Twitter account.

Here’s what happened according to Vrij Nederland, courtesy of Google Translate:

With the program John the Ripper – a tool that hackers use to crack hashes – Mattijs retrieved the password in less than a second: yourefired

Before anyone could say anything, Edwin was tapping.
The password was accepted, as an extra verification step an e-mail address had to be entered.
But that address was wrong.

Edwin nearly fell off his chair. This meant that Trump had not changed his password after the 2013 ‘hack’.

When the three men entered the correct email address for the account ([email protected]) they were – fortunately – blocked from accessing the account. But only because Twitter noticed they were trying to log in from Europe, and Trump himself had last logged in from New York.

Sign up to our free newsletter.
Security news, advice, and tips.

Imagine you were a reality TV star who was well known for a catchphrase. Would you use that catchphrase for your password?

That would clearly be a very silly thing to do. But it’s even worse to use that same weak password in multiple places online.

And there are no words in existence to describe how stupid it would be to be so reckless with your password security if you were in the running to become the next President of the United States of America.

Oh, and it’s not just Trump of course. Let’s not forget that Mark Zuckerberg infamously used the same dumb password (“dadada”) on several of his social media accounts, which hackers were able to exploit in mid-2016.

DA DA DA DUMB! | Graham Cluley

h/t: The Register, and thanks to @seesdeadpeeps for the “Yourefired1 now” joke.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on ““Yourefired” was Donald Trump’s Twitter password, claim hackers”

  1. Martin

    Spelling mistakes 😔

  2. Simba

    This article is a total lie with the sole purpose to make Trump look stupid. If that were his password, the rest of the world is even dumber for not figuring it out sooner. I'm sure thousands of people and even foreign governments were trying daily to hack his accounts. Don't believe this trash the left is putting out there.

    1. F · in reply to Simba

      Obviously Simba you have not an ounce of knowledge about security and possibly the politics of Europe or for the rest of the world (compared to America). You see liberal (though you used the word left this will almost certainly still shock you .. assuming you believe it but I assure you it is true) is not what you think it is anywhere else. The Liberal Party of John Howard in Australia years ago. He was further right than Reagan. I known it's hard to believe for people who believe that everyone else is the same but that's a view that is not true.

      As for this article anyone worth their salt (a pun. you unfortunately probably won't have a clue about) can tell that this is real. What they described is EXACTLY how it works.

      This has absolutely nothing to do with politics but that's what you're making it out to be. Security isn't politics. Just because someone doesn't like something doesn't make it politics.

      This was a stupid move. Not that he's the only one. There's even an afghan (or something like it) with a bunch of stupid passwords on it just to highlight stupid passwords. This includes people on all political sides too. No. You're simply wrong.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.