Days after we got to know that the newly inaugurated President Donald Trump was still using his old, insecure Android smartphone, it has now been revealed that the official @POTUS Twitter account was linked to a private Gmail account.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
Since we are already aware of the potential scandal with government officials using outside email systems following the hack of private e-mail servers of Hillary Clinton and George W. Bush, the choice of using private, non-government email address by Trump has raised serious concerns about the security of the White House's closely watched account.
To gain control of the official @POTUS Twitter account, which may or may not is secured with some form of two-factor authentication, all an attacker needs to do is hack the email address associated with the account, which controls the password reset process.
A hacker, @WauchulaGhost, who discovered this issue also reported similar weaknesses in the email linked to the First Lady Melania Trump (@FLOTUS) and VP Mike Pence (@VP), said CNN.
WauchulaGhost, who took down more than 500 ISIS Twitter accounts in the past, said he would not hack the @POTUS Twitter account or Twitter accounts of other White House officials; instead, he just wanted to issue a warning to upgrade the security of these accounts.
Fortunately, all those Twitter accounts were switched over to the White House-affiliated private email clients by just yesterday morning, but so far only Trump's personal Twitter account is apparently protected by two-factor verification, which requires users to enter a one-time passcode sent to their phone.
Also Read: Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals
However, Trump's personal Twitter account still involves some substantial information security risks, since he is still using the insecure device to post messages from the White House, according to numerous reports quoting unnamed White House sources, which could allow malicious actors to gain access to the account through his phone itself.
Trump Press Secretary May Have Just Tweeted His Password, Twice!
And since the email address used for the Spicer's Twitter account (@PressSec) was already known, it would have taken just a few seconds to log into it.
Overall, it is not a good start for the nascent Trump administration as far as cyber security is concerned. And if this continues, the new president will be the next target for hackers.