It's even simpler than that, both of the fields in the screenshot are editable fields, so they had to do nothing more than create a new account, upload the same banner and profile picture, and put the text in the boxes
hey inspect element tricks and developer tools have been put to great effect in the realm of scammers transferring excess refund funds into folks bank accounts.
He did not post any tweets or change any settings, but
said he took screenshots of some parts of the
president's account.
If he has screenshots of private messages, etc, that would certainly prove he had access... but only if Trump or somebody with legit access to Trump's account was able and willing to verify them.
Of course, I don't blame this researcher for lacking more concrete proof. He could easily have proved his access by changing something in Trump's account, sending a tweet/DM, etc. But by doing so he likely would have brought some serious legal issues down onto himself.
By that logic anyone could impersonate anything. Dutch prosecutors have accepted it, the bbc are a reputable organisation, it almost certainly happened.
It is very possible that this is just an article with limited info and not much has been released publicly because of privacy/security concerns.