#ButHerEmails: All Sean Spicer’s Cybersecurity Problems So Far

Spicer seems to have struggled with Venmo users asking him for money, tweeting what may be passcodes on Twitter, and leaving personal information online

White House Press Secretary Sean Spicer seems to be having a tough time with “the cyber,” as his boss Donald Trump would call it.

The latest in the Spicer saga of Internet woes is a Mashable report that much of Spicer’s personal data is easily accessible online. It’s part of the “WHOIS” information required when filing for an Internet domain registration. When Spicer purchased the domain “seanspicer.com” in 2009, he filled out the required WHOIS information, Mashable reports — adding that he also failed to make it private.

Domain registrars such as GoDaddy gather WHOIS information when domain names are filed. The information is public in most cases unless the person registering wants it private, which usually costs a small fee. As Mashable points out, Spicer could have hidden his personal info for about $8 a year.

WHOIS information also reveals Spicer has 16 other domain names tied to his Yahoo email address, as well, Mashable reports. The site said it also discovered Spicer’s phone number, listed in his WHOIS, was in a Wikileaks dump. Apparently Spicer didn’t change the number after it found its way onto the Internet in a massive leak.

The Trump campaign criticized Hillary Clinton constantly during the run-up to the 2016 presidential election over cyber security. The FBI investigated Clinton over the use of a private email server for government business during her tenure as secretary of state. The investigation ultimately concluded Clinton didn’t break the law but did use very poor judgment in using the server. But Trump made a point of grilling Clinton repeatedly on the more than 30,000 emails the investigation said the Clinton camp had deleted.

Spicer hasn’t just had trouble with his web domains. This week, Twitter users discovered what appears to be Spicer’s account on the app Venmo, which allows people to quickly send or request money from one another. The account, @seanspicer, was public.

Of course, Twitter has been trolling the Spicer account ever since the discovery, using it to request money (and occasionally offer him a little charity, along with jokes).

And then there were Spicer’s cryptic tweets. Twice during one week, Spicer tweeted what appeared to be a nonsensical string of letters and numbers. Twitter users immediately speculated the press secretary had accidentally shared his password with his 1.486 million followers.

As the Washington Post reported, the likeliest explanation was Spencer (or someone with access to the account) was using Twitter’s two-factor authentication system to sign in. The jumble of characters was likely the verification code, which gets sent to a mobile device like a phone to verify a user’s identity. Twitter sends the codes by text message. If you reply to the text accidentally instead of entering the code into the Twitter app, it’ll post whatever text you send as a tweet.

What was probably an innocent mistake didn’t stop “SNL” from making a joke about Spicer accidentally sharing his password when Melissa McCarthy played him last week, though.

Oh, and one more thing that’s worth noting: Many in the Trump administration are using a private email server.