This article was published on January 26, 2017

Anonymous publishes what appear to be Sean Spicer’s Twitter passwords [Updated]

Anonymous publishes what appear to be Sean Spicer’s Twitter passwords [Updated]
Bryan Clark
Story by

Bryan Clark

Former Managing Editor, TNW

Bryan is a freelance journalist. Bryan is a freelance journalist.

Anonymous just shared two tweets from White House Press Secretary Sean Spicer that appear to belong to his Twitter account. The collective doesn’t appear to have been involved in the security breach, if there was one — but it did publish two screencaps snagged by someone in the seconds they were live on Twitter before Spicer (or a staff member) removed them.

But were they passwords? Short answer: We’re not sure.

It’s entirely plausible that these were just pocket tweets from Spicer. If that’s the case, though, it’s a story in and of itself and security is indeed lax in this administration.

Note: Others are reporting that this could be a botched two-factor authentication (2FA) entry. That doesn’t appear to be the case here, as Twitter’s 2FA codes are numerical, and Spicer’s contain letters.

First, we’d urge you not to try to access Sean Spicer’s account using these passwords, as it is a jailable offense. Besides, chances are they’ve been changed already and it’s not really worth the risk.

The passwords — if they are indeed passwords — echo sentiment by security experts that the current administration could be grossly incompetent when it comes to cyber security. The harder of the two passwords (Aqenbpuu) would take an estimated 22 minutes to brute force, while the other (n9y25ah7) would take all of a minute, according to How Secure is My Password?.

If true, the concerns that started (in public discussion) two weeks back about Trump’s top security advisor are warranted. Then we have little issues elsewhere like Trump’s reported use of an un-hardened Android device, and his staff, which appear to be using Gmail accounts as their Twitter logins, as we reported earlier.

Additionally, there are concerns that the entire staff is still using an email server run by the Republican National Convention, the same crime it roasted Hillary Clinton for during the presidential campaign. To put it simply, this doesn’t seem to be an administration that has a clue — or gives a damn — about cyber security.

Update: Anonymous is no longer sure this is actually a password. It claims it could be a 2FA error, which seems unlikely as Twitter uses number-only 2FA codes. Put simply, Anonymous has no idea what it is, and we’re all still wondering if this is Spicer’s password.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with