Trump Organization is using horribly insecure email servers

The security researcher was swiftly attacked by Trump supporters who couldn't understand that the information was publicly accessible.
Written by Zack Whittaker, Contributor

(Image: CBS News/File photo)

If you thought Former Secretary of State Hillary Clinton's private email server was a mess, Donald Trump's company is running email servers that look like a dumpster fire by comparison.

Security researcher Kevin Beaumont said in a tweet on Monday that the Trump Organization, the parent company of the alleged billionaire's portfolio of realty, steaks, golf, and hotels, is running a set of email servers that are horribly outdated and long past the end-of-life, meaning they haven't received security patches in over a year.

Beaumont said he found that the company's email system is running the decade-old Windows Server 2003 and Internet Information Servers 6, both of which haven't been supported in over a year.

Both sets of software are so old that Microsoft no longer patches even known security vulnerabilities. Instead, users should upgrade. Patches remain as one of the best ways for preventing hackers from exploiting security flaws.

A spokesperson for Trump, now the Republican presidential candidate, could not be reached on Tuesday.

Beaumont, a British citizen who can't vote in the upcoming US election, was summarily hounded by Trump supporters on Twitter, who among other things accused him of hacking. (The data he gathered is publicly accessible; many web browsers, including Chrome, allow users to check what software is running on a web server.)

Among the tweets of abuse he received, one pro-Trump user claimed to have reported Beaumont to the FBI.

In his own set of tweets, Michael Morisy, founder of investigative outlet MuckRock, said that the unsubstantiated accusation that Beaumont in any way did anything illegal "misses some fundamentals of modern security".

"If your posture is that bad, you're already pwned," he said. "There's good reasons that infosec talks openly about security holes, and framing frank discussion as malicious hurts security in the long run," he added.

Disclosing improves the chances of fixing the issues, said Morisy.

Editorial standards