Trump Organization uses really, really insecure e-mail servers. Sad!

(credit: Gage Skidmore)

Hillary Clinton isn’t the only one who may have had an e-mail security problem. A security researcher has discovered that the Trump Organization’s mail servers all run on a version of Microsoft Windows Server that has been out of support for years, with minimal user security. The e-mail servers for Trump’s hotels, golf courses and other businesses run on an unpatched version of Windows Server 2003 with Internet Information Server 6—making them a vulnerable target for anyone who might want to gain access to the organization’s e-mails.

Security researcher Kevin Beaumont posted the finding on Twitter at 6:00pm on Monday:

Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL

— Kevin Beaumont (@GossiTheDog) October 17, 2016

Beaumont also found the Trump Organization’s Web-based e-mail access page. Until this morning, the Trump Organization allowed Outlook Web Access (OWA) logins from webmail.trumporg.com. Beaumont said he did not attempt to log into the e-mail system.