“Oops, @FLOTUS’s email address leaks! I kindly pointed this out (and invited her to the beautiful @Oilsjt) :).”
Inti de Ceukelaire, a Belgian ethical hacker who once redirected links in Donald Trump’s old tweets to a video celebrating his hometown of Aalst, has struck gold again – this time with the First Lady of the United States, Melania Trump.
— Inti De Ceukelaire (@intidc) May 24, 2017
Thanks to some ill-configured privacy settings and a self-written script, de Ceukelaire was able to use Facebook to find Mrs. Trumps email address. He then proceeded to implore her to visit Aalst, enticing her by comparing it to Las Vegas: “Except for the rich people. And the casinos. And the hotels.”
“Forget about the Donald,” he continues, “because here we have the Dozzje,” referring to Aalst’s mayor Christoph D’Haese.
After disparaging people from the neighboring (and historically rival) town of Dendermonde by jokingly calling them “the mexicans of Belgium” who are being kept out by the river Denjer.
The email continues with a plea to convince her husband to build their next Trump tower in Oiljst – the local way to call Aalst – because they love towers there. De Ceukelaire references Aalst’s famous ex-mayor Ilse Uyttersprot, who once was recognized in a video on the internet having public sex on top a tower of the royal palace in Navarra, Spain.
In the PS of the email he gives away how Mrs. Trump can avoid embarrassing snafus like these in the future. Apparently FLOTUS neglected to changing the ‘who can look me up’ privacy setting to ‘only me.’
Belgian news site HLN asked de Ceukelaire if it was really that easy. “Yes, because Facebook wants it to be easy to find personal data,” he told them. “All privacy setting are set to open if you know someone’s email address. That’s why I impersonated Melania and forgot my Facebook password. Then I got a screen with the first and last letter of her private email address. I then wrote a program that tests possibilities automatically and it spit out the answer in thirty seconds.”
We asked de Ceukelaire if FLOTUS has changed the setting yet, and after checking he told TNW that wasn’t the case. The presidential couple is visiting Brussels this week, so it still remains to be seen if Melania takes de Ceukelaire up on his invitation.
The mishap – which in this case was used for an innocent joke – isn’t the first time faulty security settings lead to embarrasment of Trump’s inner circle. Back in January, we reported on the fact that the email addresses of Trump and many of his staffers were publicly visible on Twitter. Apparently, no lessons were learned from that. Oops.