When Donald Trump was elected as the President of the United States, there has been growing concern surrounding his infamous Twitter account. Particularly, many are concerned about the account getting hacked by bad actors. Recently, according to a man who identifies himself online as WauchulaGhost, the president is vulnerable to hackers because of a basic Twitter security setting that he has not enabled.[1] This vulnerability is due to the current setting for the account, which allows anyone to click on “forgot password,” and type in “@POTUS.”[2] The next screen says “we found the following information associated with your account” and gives a partially redacted email address to which it will send a password recovery link.[3] According to WauchulaGhost, being able to fill in the missing letters and guess one’s email address is the first step hackers take when trying to breach an account, which is not difficult to do for most hackers.[4] The next step would be to gain access to the email, typically by using tactics such as malware, apps that guess multiple passwords at once, or using known information about a person to trick them into sharing their password.[5]
While WachulaGhost does not wish to hack the President, his intention is to warn the President that his security settings may leave him vulnerable to other hackers.[6] WachulaGhost is an experienced hacker who has hacked over 500 Islamic State accounts, replacing content with images of porn and gay pride messages.[7]
WachulaGhost’s warning solidified many people’s fear that gaining access to the President’s Twitter may become a reality. A hacking of the Twitter account can have far-reaching consequences, even if that breach is temporary.[8] One consequence may be economical. On January 5, 2017, Toyota shares plummeted within minutes of a negative tweet from Trump, causing the company to lose approximately $1.2 billion in value.[9] If a hacker were to tweet something similar from the account, similar consequences could occur. Another consequence may be national security. Tweets coming from the President’s Twitter account could instigate feuds with other countries, world leaders or political figures.
In order to ensure safety on the President’s Twitter account, WachulaGhost recommends that the President should use the security setting that prompts one to type in one’s phone number or email in order to reset the password.[10] Hopefully the President and his staff heed these warnings and ensure that the President’s Twitter is safer than what it is currently.
[1] Laurie Segall, Hacker to Trump: Fix your security settings on Twitter, CnnTech, (Jan. 24, 2017, 6:45 P.M.), http://money.cnn.com/2017/01/24/technology/trump-white-house-twitter-security/index.html?iid=ob_homepage_tech_pool.
[2] Id.
[3] Id.
[4] Id.
[5] Id.
[6] Segall, supra note 1.
[7] Id.
[8] Id.
[9] Rachel Revesz, Toyota loses $1.2bn in value five minutes after Donald Trump’s tweet, Independent, (Jan. 5, 2017), http://www.independent.co.uk/news/world/americas/toyota-12bn-value-plummet-shares-stock-market-donald-trump-tweet-move-mexico-tax-a7512096.html.
[10] Segall, supra note 1.