An "ethical hacker" from the Netherlands claims to have guessed US President Donald Trump's Twitter password and accessed the account - but the social media company says it's seen no evidence to back that up.
Dutch media reported on Friday morning that Victor Gevers, a security researcher described as an "ethical hacker", accessed the @realDonaldTrump Twitter account after just seven attempts to guess the password. According to Gevers, the password was 'maga2020!'.
One report from Vrij Nederland contains screenshots of someone able to edit the account's profile. It says that some files included sensitive information so were not published.
"I thought 'oh god' when I logged in," Gevers told RTL News.
"I just don't want me to be able to get in, especially not with such an important account."
There was no two-step verification, the hacker said. RTL News says this may be because many in Trump's campaign team have access to the account and extra security makes it difficult to share the account with others.
Gevers says he didn't tweet or view any messages from the account, but wants to use the case as an example of how individuals and organisations often don't have stringent online security.
According to RTL News, the password has since been changed and two-step verification added.
"Even if you use a bad password, such as 'maga2020!', you still remain protected against these types of simple attacks," Gevers told the outlet.
However, despite Gevers' claims, Twitter told Variety it has "seen no evidence to corroborate this claim". A spokesperson said the social media company had "proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government".
That included "strongly" encouraging two-step verification.
It's not the first time Trump's account has been reportedly accessed by others. In 2017, a Twitter contract worker briefly deactivated the handle. Gevers claims he got into the account in 2016 with the password 'yourefired'.
Gevers tweeted on Friday morning after the news broke: "It started six years ago. And hopefully, it will be the last time in 2020. Please switch on two-factor authentication on all of your accounts."
