There’s an extraordinary story in the security world today.
In fact, it’s so extraordinary that I’m also inclined to believe that it cannot possibly be true. But then, this is 2020… and I’m losing all sense of reality, so maybe it is true.
According to Dutch magazine Vrij Nederland (VN), in 2016 three ethical hackers, known only as Edwin, Mattijs and Victor, scoured the password database that had leaked out of LinkedIn a few years before.
In it, they found a hashed password that appeared to belong to one [email protected]. And having managed to extract the password from the hash, they attempted to see if it would unlock the then US Presidential candidate’s Twitter account.
Here’s what happened according to Vrij Nederland, courtesy of Google Translate:
With the program John the Ripper – a tool that hackers use to crack hashes – Mattijs retrieved the password in less than a second: yourefired
Before anyone could say anything, Edwin was tapping.
The password was accepted; as an extra verification step, an e-mail address had to be entered.
But that address was wrong.
Edwin nearly fell off his chair. This meant that Trump had not changed his password after the 2013 ‘hack’.
When the three men entered the correct email address for the account ([email protected]) they were – fortunately – blocked from accessing the account. But only because Twitter noticed they were trying to log in from Europe, and Trump himself had last logged in from New York.
Imagine you were a reality TV star who was well known for a catchphrase. Would you use that catchphrase for your password?
That would clearly be a very silly thing to do. But it’s even worse to use that same weak password in multiple places online.
And there are no words in existence to describe how stupid it would be to be so reckless with your password security if you were in the running to become the next President of the United States of America.
Oh, and it’s not just Trump of course. Let’s not forget that Mark Zuckerberg infamously used the same dumb password (“dadada”) on several of his social media accounts, which hackers were able to exploit in mid-2016.
h/t: The Register, and thanks to @seesdeadpeeps for the “Yourefired1 now” joke.
2 comments on ““Yourefired” was Donald Trump’s Twitter password, claim hackers”
Spelling mistakes 😔
This article is a total lie with the sole purpose to make Trump look stupid. If that were his password, the rest of the world is even dumber for not figuring it out sooner. I'm sure thousands of people and even foreign governments were trying daily to hack his accounts. Don't believe this trash the left is putting out there.