A Twitter user who identifies himself as WauchulaGhost reportedly messaged President Donald Trump to change the security settings on his Twitter account. The user also warned the vice president and first lady. He is the one who hacked 500 ISIS Twitter accounts, according to CNN.
Hacker warns Trump of possible threats
WauchulaGhost contacted CNN’s Laurie Segall about the vulnerabilities on Saturday.
“I spent the last three days trying to reach the White House for their response to WauchulaGhost’s claims. I sent multiple emails, including several directly to Dan Scavino, Donald Trump’s head of social media,” says Segall.
On Monday night, WauchulaGhost shared his emails through tweets with the accounts and message: “Change your emails & Fix Settings.”
WauchulaGhost came into the limelight in June when he hacked 500 pro-ISIS accounts and replaced the content with images of porn and gay pride messages. According to CNN, the hacker says he was not keen on hacking the President’s account, but Trump’s security settings leave him vulnerable to other hackers.
A Twitter representative stated that the company does not comment on individual accounts, but the White House Communication Agency looks after the related security protocols, which is more than two-factor authentication.
Don’t ignore basic Twitter security features
WauchulaGhost stated that @POTUS, @FLOTUS and @VP are even more prone to attacks because they ignored the basic security feature on Twitter that enables the user to provide a phone number or email address to reset the password. Through the account settings, anyone can click on “forgot password” and type in @FLOTUS, @POTUS or @VP.
Then on the next screen, the message reads, “We found the following information associated with your account.”
It also gives the partially redacted email address to which the password recovery link will be sent.
WauchulaGhost said that to hack someone’s account, the first step is filling in the missing letters and guessing someone’s email address. He told CNN that it is not very hard to guess the email, and he has taken over 500 ISIS accounts.
The Twitter hacker said he found the probable email linked with Melania Trump’s handle in less than 20 minutes. Further, the email address associated with Vice President Mike Pence was easy to guess. After seeing the redacted version: firstname.lastname@example.org, it was easy to fill in the blanks, which, according to WauchulaGhost, are email@example.com.
“Then verify the email exists. At that point take the email account, reset Twitter password, boom….I own the Pres. Not saying I’m going to..haha. But it’s rather easy for some,” WauchulaGhosttold CNN.
Pence’s email ID has been changed since, but the president’s and first lady’s email addresses are the same.