US national security could be at risk, as the hacker who went after the Twitter accounts of some 500 ISIS members has detected a major vulnerability in the Twitter settings of the accounts of US President Donald Trump, First Lady Melania Trump and Vice President Mike Pence, announced CNN.
“It’s not hard for us to go figure out that email,” the hacker told CNNTech in a Twitter direct message. “I’ve taken over 500 Islamic State accounts.”
The person under the name @WauchulaGhost reached out to a CNN reporter this weekend to report on the discovery that none of the accounts had been linked to a phone number or email address for password reset and two-factor authentication. Simply by clicking “forgot password” and typing the handle, any user could find out the email originally used to create the Twitter account.
“All I have to do is guess the email. Which I have been rather good at doing,” WauchulaGhost told CNNTech via Twitter DM. “Then verify the email exists. At that point take the email account, reset Twitter password, boom…. I own the Pres. Not saying I’m going to… haha. But it’s rather easy for some.”
When no answer was received from the White House, the hacker went public with the information revealing the private emails associated with the Twitter accounts @POTUS, @FLOTUS and @VP, such as Trump’s private Gmail. The message he tweeted read “Change your emails & Fix Settings.”
IT seems government officials keep getting themselves into cyber trouble by either choosing personal email servers over official encrypted ones, using their old Android smartphones when in office or ignoring basic security settings like two-factor authentication.
“Is it a grave vulnerability? Probably not. But it’s tipping your hand. Every piece of evidence [a hacker] can build up to target your profile can be useful on an attack campaign,” former State Department Senior Advisor Chris Bronk told CNNTech.
Although CNN reached out to the White House, a response was not received.