Dutch police have launched an investigation against a security researcher who logged into the US president’s Twitter account by guessing his password.
Last month, well-known cyber investigator Victor Gevers said he had gained access to Donald Trump’s Twitter account with the password ‘MAGA2020!’.
The White House denied it had happened and Twitter said it had no evidence of a hack.
But Mr Gevers has now revealed more information to back up his claims.
As part of the police interrogation, Mr Gevers revealed for the first time that he had substantially more evidence of the “hack” than he had previously released.
He did not reveal exactly what information he had, but by logging in to somebody’s Twitter account someone would in theory be able to see and send private messages, see tweets that the user had privately bookmarked and access information such as how many people the account holder had blocked.
They would even be able to download an archive of all the user’s data, including photos and messages.
Mr Gevers says he was doing a semi-regular sweep of the Twitter accounts of high-profile US election candidates on 16 October when he guessed President Trump’s password.
He did not post any tweets or change any settings, but said he took screenshots of some parts of the president’s account.
He said he had spent days trying to contact the Trump campaign to warn them about their security, which was lacking extra safeguards like two-factor authentication, before going to the press.
Two-factor authentication is a widely-used security system that links a phone app or number to an account, to add an extra step to the process of logging in.
The US president’s account is now secure.
A spokesman for the Dutch Public Prosecution Service confirmed to De Volkskrant newspaper: “We are currently investigating whether something criminal has happened.”
The spokesman said their inquiry was an “independent Dutch investigation” and not based on a US request for legal assistance.
Police must first prove that the hack happened. If prosecutors consider Mr Gevers’ actions to be illegal and outside the realm of cyber-security research, he could face up to four years in prison.
Mr Gevers told reporters of his hack on 22 October. Dutch news outlet Vrij Nederland first reported the story.
Twitter said: “We’ve seen no evidence to corroborate this claim. We proactively implemented account security measures for a designated group of high-profile, election-related Twitter accounts in the United States, including federal branches of government.”