Security News > 2020 > October > Compromised CMS Credentials Likely Used to Hack Trump Campaign Website
Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump's campaign website.
According to WordPress security solutions provider Defiant, which develops the Wordfence product, the hackers most likely used compromised credentials for access, supposedly targeting the underlying Expression Engine content management system, which is an alternative to WordPress.
If the attackers had access to the campaign's Cloudflare account and were able to point the domain to their own IP address, the entire website would have been restored by simply pointing it to the right IP address.
Of even lower probability would be the use of compromised credentials to access the account where the domain donaldjtrump.com was registered; a possible access via FTP or SSH; or the use of a zero-day flaw in Expression Engine, which has had few known vulnerabilities, Defiant says.
"Almost every possible scenario includes reused credentials being exploited to gain access to the donaldjtrump.com site. In almost every case, having 2-Factor Authentication enabled would have prevented such a scenario from occurring. It's also a reminder that it is important to enable 2-Factor Authentication not only on your website's administrative panel, but on every service that offers it, including services you might not think of as being vulnerable," Defiant concludes.