Five days after an Anonymous hacker publicly revealed security flaws in U.S. government Twitter accounts, including President Donald Trump’s official @POTUS account, the White House has taken action.
Up until this afternoon, the @POTUS Twitter handle was registered to a personal Gmail address, which at one point appeared to be tied to Mr. Trump’s social media director Dan Scavino.
Hacker @WauchulaGhost, who became famous in June for hacking into dozens of pro-Islamic State of Iraq and Syria (ISIS) Twitter accounts and populating them with gay pride messages, decided to dig into the president’s social media account after hearing Mr. Trump discuss cybersecurity last week.
“Of course I had to look at his Twitter account to see if his partial email was exposed,” the hacker told CBS News via direct message on Twitter. “The first time I looked most of the presidential accounts were using Gmail and had partial phone numbers exposed.”
It didn’t take long for other Twitter users to run their own tests, attempting to sign into the president’s Twitter account and posting screen shots of their findings.
Users were shocked to discover the president did not have two-factor verification enabled for greater security, thus allowing them to see a portion of the email address linked to the account.
“I asked @Jack [Twitter CEO Jack Dorsey] weeks ago if Trump’s Twitter account had two-factor authentication. Turns out it didn’t,” BBC reporter Dave Lee tweeted on Thursday.
Twitter explains that login verification adds an extra layer of security, requiring you to enter your password and a subsequent six-digit access code any time you try to log in.
“If they would have two-factor enabled on their Twitter accounts, the partial numbers would have been hidden,” @WauchulaGhost explained. “So the question is, were their Gmail accounts secure?”
When asked whether that means the accounts were easier to hack into, @WauchulaGhost said, “Anything is possible.”
By midday Thursday, the email addresses connected to @POTUS’ account were switched to government addresses. However, internet users still criticized officials for not enabling two-factor for the president’s account.
It looks like White House officials got the message. By 4:30 p.m. ET, the email addresses were no longer visible, meaning the appropriate security measures were taken.
Both Twitter and the White House press office have not yet responded to CBS News’ request for comment.