A renowned hacker has lectured the President of the United States (POTUS), Donald Trump, on how to stay safe and secure on Twitter.
After assuming office, the president traded the Android phone with which he tweets for a sophisticated device. President Trump, notorious for tweeting, has said he will continue to tweet even as president.
But WauchulaGhost, the same hacker who breached the security of 500 ISIS accounts on Twitter, has said President Trump has to change some of his @POTUS Twitter account security settings if he hopes to remain in possession of the account.
On Friday, after he was inaugurated as the 45th POTUS, President Trump inherited the @POTUS Twitter handle from his predecessor Barack Obama, who created the account.
According to WauchulaGhost, the @FLOTUS and the @VP Twitter accounts are also affected.
He said the accounts are vulnerable because they haven’t enabled a basic security feature on Twitter that requires users to provide a phone number or email address to reset a password, adding that the current security setting for the three Twitter accounts allows anyone to click on “forgot password” and type in @FLOTUS, @POTUS or @VP.
The next screen says “we found the following information associated with your account” and gives a partially redacted email address to which it will send a password recovery link.
WauchulaGhost says being able to fill in the missing letters and guess someone’s email address is the first step hackers take when trying to breach an account.
“It’s not hard for us to go figure out that email,” he told CNNTech in a Twitter direct message, adding that “I’ve taken over 500 Islamic State accounts”.
WauchulaGhost says he found the likely email associated with Melania Trump’s handle within twenty minutes. He said the email associated with Vice President Mike Pence was easy to guess once you saw the redacted version: vi***************@gmail.com, which WauchulaGhost pieced together as [email protected].
According to WauchulaGhost, once you have an email address for an account, the next step is gaining access to that email. Common tactics include malware, apps that guess multiple passwords at once, eventually forcing their way in, or using known information about a person to trick them into sharing their password.
“All I have to do is guess the email. Which I have been rather good at doing,” WauchulaGhost told CNNTech via Twitter DM. “Then verify the email exists. At that point take the email account, reset Twitter password, boom….I own the Pres. Not saying I’m going to..haha. But it’s rather easy for some”.
Adding a phone number or an email address to a Twitter account ensures the account holder is alerted immediately when there is a security breach on the account.
According to WauchulaGhost, people who want their Twitter accounts to be more secure, including the president, should use the security setting that prompts you to type in your phone number or email in order to reset your password.
It is not immediately clear whether the security loopholes were there when Obama was in possession of the account or came up after Obama handed over the handle to Trump.
Both Barack Obama’s @POTUS44 and Donald Trump’s @RealDonaldTrump personal Twitter accounts appear to have the extra security setting.
WauchulaGhost contacted CNNTech to reveal these insecurities on Saturday, and CNNTech has said it has reached out multiple times to the White House to alert them to the lack of security on the accounts but, as of Tuesday morning, had yet to receive any response.