Hacker reveals massive Parler data leak: ALL users’ messages, location info and even driver’s licenses may have been exposed
Parler, a social network popular with conservative audiences, was removed from the internet on Monday, after Amazon kicked the site off its hosting service, citing"a steady increase in this violent content" in the wake of Wednesday's riot at the US Capitol. The decision to pull support came after Apple and Google blocked the social network from their online marketplaces over the weekend.
Shortly before Amazon's move, a self-described hacker from Austria, going by 'Donk Enby' on Twitter, claimed to have gained access to all of the "unprocessed, raw" video files uploaded to Parler "with all associated metadata." The hacker even included a link to the file library in order to prove that the data leak was real.
These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata.— crash override (@donk_enby) January 10, 2021
The development agitated the social network's audience, especially since it occurred around the same time as Parler's shutdown.
News of the apparent leak quickly spread online, leaving some to wonder how the hacker could have snagged the entirety of one of the network's file libraries.
A Reddit user named 'BlueMountainDace' claimed to have the answer, and they posted it in the group 'ParlerWatch,' which appears to have been created to monitor some of the perceived extreme views of the platform's users.
According to 'BlueMountainDace', it was not just the videos, but the entirety of Parler's users' data that was exposed.
In their viral post, the Redditor asserted that one of Parler's hosting platforms, Twilio, accidentally exposed the app's security authentications via a press release. This in turn could have allowed any person to create a blank administrator account and access all of Parler's private content, which, besides message history and geo data, might have included users' driver's license photos, which were used to create a verified account.
Currently it is unclear which press release by Twilio might have led to the Parler data being exposed.
Remember how people were dunking on Parler for being built on WordPress? Well, through a plug-in exploit, literally all the user data (including photos of verified state id cards) has been retrieved by hackers and is being posted online. Lmao ♾️https://t.co/w1yexoUOxqpic.twitter.com/h2Mf7Fn1Sc— Classic Bird Respecter (@BirdRespecter) January 11, 2021
According to tech writer Matthew Sheffield, the breach was possible due to Parler's long-criticized lax security standards. Specifically, Sheffield blames the potential leak on the app "never actually deleting anything its users posted," while keeping the data accessible to administrator users.
Parler never actually deleted anything its users posted. And, stupidly, they also kept it accessible to admin users.This meant that anyone with admin access could still download it.— Matthew Sheffield (@mattsheffield) January 11, 2021
However, Sheffield notes that it will likely "take a little while" for such amounts of data to be processed in order for it to end up in an accessible "WikiLeaks-style data dump."
It's going to take a little while for this data to end up at a permanent central repository but once it's done, it'll be a Wikileaks style data dump of Parler users, where they were, what they posted, what they tied to delete. Lots of #MAGATerrorist types are gonna get doxed.— Matthew Sheffield (@mattsheffield) January 11, 2021
Parler and Twilio have yet to comment on the allegations.Also on rt.com Parler goes offline as Amazon pulls the plug on the conservative social network
Think your friends would be interested? Share this story!