Date: 2021-01-11

Parler, a social network used to plan the storming of the U.S. Capitol last week, has been hit by a massive data scrape. Security researchers collected swaths of user data before the network went dark Monday morning after Amazon, Google, and Apple booted the platform.
The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced the scrape, claims that over a million video URLs, some deleted and private, were taken.
“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.
Security researchers claim that the scraped posts are linked to the accounts that posted them, and some of the video and image data have geolocation information. That is also said to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.
The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.
Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence.
Parler, which claims to have over 10 million users, has lax rules over content, making the platform very attractive to far-right groups. Google and Apple removed Parler’s smartphone app from their app stores, claiming that the platform allowed posting that seeks to “incite ongoing violence in the U.S.” Amazon took similar measures, removing Parler from its hosting service.
Reddit users claim that the scrape was made possible due to Twilio, an American cloud communications platform that provided the platform with phone number verification services, cutting ties with Parler.
In a press release announcing the decision, Twilio revealed which services Parler was using. This information allowed hackers to deduce that it was possible to create users and verified accounts without actual verification.
With this type of access, newly minted users were able to get behind the login box API used for content delivery. That allowed them to see which users had moderator rights, and this in turn allowed them to reset passwords of existing users with a simple “forgot password” function. Since Twilio no longer authenticated emails, hackers were able to access admin accounts with ease.
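The failure mode the Reddit users describe above, verification that is silently skipped once the provider is gone, can be contrasted with a fail-closed check. This is an added example, not Parler's or Twilio's code; the `Verifier` class and both `allow_*` functions are hypothetical stand-ins.

```python
import hmac
import secrets
import time


class ProviderDown(Exception):
    """The external verification service (hypothetical) is unreachable."""


class Verifier:
    """Constructed stand-in for a third-party phone/e-mail verification service."""

    def __init__(self, up=True, ttl=600):
        self.up, self.ttl, self._pending = up, ttl, {}

    def issue(self, contact, now=None):
        if not self.up:
            raise ProviderDown(contact)
        now = time.time() if now is None else now
        code = secrets.token_hex(4)
        self._pending[contact] = (code, now + self.ttl)
        return code  # delivered out-of-band in a real system; returned for the demo

    def confirm(self, contact, code, now=None):
        if not self.up:
            raise ProviderDown(contact)
        now = time.time() if now is None else now
        # pop() makes every code single use, whether or not it matches
        expected, expires = self._pending.pop(contact, ("", 0.0))
        return now < expires and hmac.compare_digest(expected.encode(), code.encode())


def allow_fail_open(verifier, contact, code):
    """Weak form: a provider outage is treated as a successful verification."""
    try:
        return verifier.confirm(contact, code)
    except ProviderDown:
        return True


def allow_fail_closed(verifier, contact, code):
    """Hardened form: signup and password reset are refused while the provider is down."""
    try:
        return verifier.confirm(contact, code)
    except ProviderDown:
        return False
```
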
A question of ethics
Even though the stated purpose of the data scrape is to keep proof of wrongdoing, a question remains: do the ends justify the means?
On the one hand, some of the people whose data got scraped actively planned acts of violence. On the other, some people joined Parler only out of curiosity or professional obligation, such as journalists. However, the data scrape was universal, without hackers paying attention to the real intentions of account holders.
“From what I’m reading, these weren’t hacking in a sense we think about state-sponsored hacking, involving phishing or active deception, or anything like that. There was a glaring gap in the security of the platform, and @donk_enby and a few others noticed it and used it,” Ali Alkhatib, data ethicist and a research fellow at the Center for Applied Data Ethics, explained to CyberNews.
Since @donk_enby did not carry out the data scrape secretively, there’s little to worry about from an ethics perspective. However, Alkhatib agrees that if the data scrape was targeted towards minority groups, there’d be a lot more to worry about.
“To me, this is a little more like the Ashley Madison debacle, but for white supremacists,” he explained.
This article is dripping with far left propaganda. Democrats besieged cities for months and burn, loot, and murder. The double standards are mind numbing and the number of fascists on the left that are willing to go too far down the rabbit hole of censorship is amazing.
Good bye, free speech. This is 1984.
So Twilio is a gigantic security hole for any site using it. They shot themselves in the foot.
By “security researchers” they mean “criminal hackers”.
Why would anyone ever fight for the outgoing president? He would never fight for you and he proved it when he said he was going to walk to the Capitol. But where was he, he ran off with his son, lawyer and Brooks to the White House to watch everything on TV. He has never cared about anyone except himself, family and friends. Not his voters. Thank God for facial recognition.
Why don’t you allow the videos taken by actual protesters and not antifa be posted??!!! You will see a completely different narrative!
I just read about how Parler didn’t use any of Amazon’s proprietary stuff for portability. I’m paraphrasing but it went something like this:
“We didn’t use any of the AWS services, we did everything ourselves, on the bare metal.”
Maybe you should have used the AWS security stuff, clearly your own setup sucked.
Excuse me – when is doxxing for political reasons done by “security researchers?”
These actions were illegal, arguably terroristic given the doxxing and political context.
Real security researchers would not do this – it’s illegal even without the doxxing. And, if they did get the data, they wouldn’t reveal it, even to law enforcement, without valid subpoenas.
The wording of this article is at a minimum unfortunate.
Oooh ooh, now do Twitter. Let us know how much child porn and threats against the Trump administration’s life there are.
I won’t hold my breath.
This wasn’t a leak, it was people archiving the site before it went down.
It wasn’t a hack either, it was extremely poor coding on the Parler side that let anyone right in the front door with a simple forgot password.
Parler had more stringent rules for content than Twitter does, the latter of which is still hosting all kinds of hate (eg Iran’s leaders).
Parler used a broadcast standard approach. If you can’t publish it on TV or the radio, then it wasn’t permitted on Parler. It was a conservative platform after all, so naturally they’d be more reserved than left leaning media.
So are these people who stole the data ‘hackers’ or ‘security researchers’? The article calls them both. Clearly they broke many laws to obtain that data. I personally don’t care about Parler, Twitter, or any other social media platform where whining about things is the only thing you see. Just give me Facebook and cat videos.
Security Researchers? They were doxxed in an effort to scare users and potential members into compliance. This scares no one?
“Parler has lax rules over content.” This is a flat out lie as Parler doesn’t allow threats of violence or posts that advocate violence. This is what Twitter says it doesn’t allow except that it is enforced across the board on Parler while Twitter lets leftists and blue checks advocate violence routinely.
What Parler doesn’t do is censor posts that they don’t like, and in that manner they’re completely the opposite of Twitter, Facebook and Google-YouTube.
So Twilio caused the breach? Their stock must be plummeting now!
There’s nothing different on Parler than there is on all other platforms used by the left!!!! NOTHING