Anonymous just shared two tweets from White House Press Secretary Sean Spicer that appear to belong to his Twitter account. The collective doesn’t appear to have been involved in the security breach, if there was one — but it did publish two screencaps snagged by someone in the seconds they were live on Twitter before Spicer (or a staff member) removed them.
nice passwords bro @PressSec pic.twitter.com/E1AvaMNgFJ
— Anonymous (@YourAnonNews) January 26, 2017
But were they passwords? Short answer: We’re not sure.
It’s entirely plausible that these were just pocket tweets from Spicer. If that’s the case, though, it’s a story in and of itself and security is indeed lax in this administration.
Note: Others are reporting that this could be a botched two-factor authentication (2FA) entry. That doesn’t appear to be the case here, as Twitter’s 2FA codes are numerical, and Spicer’s contain letters.
First, we’d urge you not to try to access Sean Spicer’s account using these passwords, as it is a jailable offense. Besides, chances are they’ve been changed already and it’s not really worth the risk.
The passwords — if they are indeed passwords — echo sentiment by security experts that the current administration could be grossly incompetent when it comes to cyber security. The harder of the two passwords (Aqenbpuu) would take an estimated 22 minutes to brute force, while the other (n9y25ah7) would take all of a minute, according to How Secure is My Password?.
If true, the concerns that started (in public discussion) two weeks back about Trump’s top security advisor are warranted. Then we have little issues elsewhere like Trump’s reported use of an un-hardened Android device, and his staff, which appear to be using Gmail accounts as their Twitter logins, as we reported earlier.
Additionally, there are concerns that the entire staff is still using an email server run by the Republican National Convention, the same crime it roasted Hillary Clinton for during the presidential campaign. To put it simply, this doesn’t seem to be an administration that has a clue — or gives a damn — about cyber security.
Update: Anonymous is no longer sure this is actually a password. It claims it could be a 2FA error, which seems unlikely as Twitter uses number-only 2FA codes. Put simply, Anonymous has no idea what it is, and we’re all still wondering if this is Spicer’s password.
Correction: They could have been the 2 step authentication codes as well. Can anyone confirm that? ht @trointet
— Anonymous (@YourAnonNews) January 26, 2017
Get the TNW newsletter
Get the most important tech news in your inbox each week.