Victor Gevers, a Dutch security researcher, claims he commandeered President Trump’s Twitter account.
Gevers, a prolific online vulnerability hunter, said he accurately guessed Trump’s password after a handful of tries. He told Vrij Nederland, a Dutch magazine, that he gained entry after entering “maga2020!,” a reference to the Trump campaign’s Make America Great Again slogan.
Gevers said the account did not have two-factor authentication, a recommended measure for securing online accounts. If true, that means a hacker would need just the password—rather than, say, Trump’s phone—to gain control of the account.
Trump’s campaign team and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency referred questions about the alleged incident to the White House.
When contacted for comment, Judd Deere, a deputy press secretary at the White House, strongly rejected the claim. “This is absolutely not true, but we don’t comment on security procedures around the President’s social media accounts,” Deere told Fortune.
A statement from Twitter makes Gevers’ claim seem even more dubious. “We’ve seen no evidence to corroborate this claim, including from the article published in the Netherlands today,” a spokesperson told Fortune. “We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”
Last month, Gevers claimed to have hacked Trump’s Twitter account along with two associates in 2016. That boast, published in an earlier article by Vrij Nederland, alleged the since-changed password was “yourefired,” Trump’s catchphrase from his old reality TV show, The Apprentice.
Cybersecurity experts cautioned that the evidence to support Gevers’ claim was thin. That skepticism prompted Gevers to try hacking Trump’s account again, he said.
Fortune was unable to independently verify whether screenshots published by Vrij Nederland purporting to show Gevers’ access to Trump’s account were real or fabricated. Gevers did not reply to Fortune’s requests for comment.
Gevers is best known for having last year uncovered surveillance-related databases exposing information on millions of Uighurs, a persecuted ethnic minority in China. He pursues “white hat” research—finding and flagging security issues for companies to fix—through a Hague-based nonprofit organization he cofounded, called GDI Foundation.
When hackers hijacked a slew of high-profile Twitter accounts this summer, including those of Democratic presidential candidate Joe Biden, Tesla CEO Elon Musk, and Amazon CEO Jeff Bezos, Trump’s account remained notably untouched. Twitter said at the time that certain VIP accounts were equipped with extra protections.
“If ‘maga2020!’ is legit, using a password based on a term that you say on an almost daily basis in public is truly, hilariously dumb,” said Joy Howard, chief marketing officer at Dashlane, maker of a password management app. She advised that Trump “consider using random, unique passwords for every account.”
At a recent campaign rally in Arizona, Trump mocked a C-SPAN editor, Steve Scully, who was suspended after falsely claiming that his Twitter account had been hacked. Trump told the crowd, “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15% of your password.”
Trump’s businesses—and his Twitter account—were both breached in years past.
