The new American president’s Twitter account isn’t a means of communication as much as it is a tool for confusion, propaganda, and unceasing assault. But Donald Trump has shown his tweets can move the stock market, provoke foreign powers, and dominate news cycles, so the account’s potential to shake the world is unprecedented. And all that’s stopping an outsider from seizing control of @POTUS is someone’s personal Gmail password.

If you forget your Twitter password, the company allows you to easily reset the code through a link sent to an email address you designate in your account settings. This same process makes it elementary to hijack that Twitter account if you have access to the email account in question: Just request a password reset, wait for the link to arrive, and lock your victim out of their own Twitter account.

Trump’s account is an obviously juicy target for such an attack, representing what BuzzFeed’s Joe Bernstein described as “a national security disaster waiting to happen.” An unauthorized declaration of, say, imminent hostilities or economic sanctions coming from the president’s official account could destabilize the entire world.

According to hacker and Twitter user @WauchulaGhost, Trump’s account is not only set to email password reset requests to a personal Gmail account (it appears to be that of Dan Scavino, his social media chief), but to reveal the first two letters of the account (enough to surmise it’s probably Scavino’s). This signals to hackers that all they need to do to illicitly broadcast to the president’s 14 million online followers is get into said Gmail account, which may or may not be secured with some form of two-factor authentication. Even with such an extra layer of authentication, knowing the private email address of a senior White House employee would make them a target for spearphishing attacks like those that befell the DNC and John Podesta last summer.

Hey @POTUS, On a serious note. Lets fix your Security settings. Should I email you? #GhostOfNoNation @realDonaldTrump pic.twitter.com/FRdMJnZaNr

— WauchulaGhost (@WauchulaGhost) January 21, 2017

According to a CNN report, WauchulaGhost “says he found the likely email associated with Melania Trump’s handle within twenty minutes, and “the email associated with Vice President Mike Pence was easy to guess once you saw the redacted version: vi***************@gmail.com, which WauchulaGhost pieced together as vicepresident2017@gmail.com.”

It appears that in the days since WauchulaGhost first tweeted about the vulnerability, the option to reset the @POTUS password via text message or what appears to be an @DonaldJTrump.com address have been removed. Bizarrely, the Gmail option remains active as of today for both Trump and Press Secretary Sean Spicer:

Not only is the @PressSec tweeting passwords, he also tied the Press Secretary Twitter to a gmail account. pic.twitter.com/MoqErnojbq

— Nash (@Nash076) January 26, 2017

The irony given Trump’s campaign assaults on Hillary Clinton’s use of a private email service is of course obvious.

The post Donald Trump Is Using a Private Gmail Account to Secure the Most Powerful Twitter Account in the World appeared first on The Intercept.

from The Intercept ift.tt/2jtUvuk