© Getty Images / spyarm; © AFP / Olivier DOULIERY via RTnews
Parler, a social network popular with conservative audiences, was removed from the internet on Monday, after Amazon kicked the site off its hosting service, citing "a steady increase in this violent content" in the wake of Wednesday's riot at the US Capitol. The decision to pull support came after Apple and Google blocked the social network from their online marketplaces over the weekend.
Shortly before Amazon's move, a self-described hacker from Austria, going by 'Donk Enby' on Twitter, claimed to have gained access to all of the "unprocessed, raw" video files uploaded to Parler "with all associated metadata." The hacker even included a link to the file library in order to prove that the data leak was real.
I am now crawling URLs of all videos uploaded to Parler. Sequentially from latest to oldest. VIDXXX.txt files coming up, 50k chunks, there will be 1.1M URLs total: https://t.co/YUl8CtoeEA — crash override (@donk_enby) January 10, 2021
This may include things from deleted/private posts.
News of the apparent leak quickly spread online, leaving some to wonder how the hacker could have snagged the entirety of one of the network's file libraries.
A Reddit user named 'BlueMountainDace' claimed to have the answer, and they posted it in the group 'ParlerWatch,' which appears to have been created to monitor some of the perceived extreme views of the platform's users.
According to 'BlueMountainDace', it was not just the videos, but the entirety of Parler's users' data that was exposed.
In their viral post, the Redditor asserted that one of Parler's hosting platforms, Twilio, accidentally exposed the app's security authentications via a press release. This in turn could have allowed any person to create a blank administrator account and access all of Parler's private content, which, besides message history and geo data, might have included users' driver's license photos, which were used to create a verified account.
Currently it is unclear which press release by Twilio might have led to the Parler data being exposed.
Not going to post any links to breached data, but you can easily find it yourself. Another thing to note is that even if users were unverified, the website by default did not scrub exif data from photos and videos pic.twitter.com/iFQiGSYblU — Classic Bird Respecter (@BirdRespecter) January 11, 2021
In slightly more technical terms, it seems as though Parler never closed some of their developer-friendly security holes (sort of the programming equivalent of game cheat codes made by devs) and as a result, anyone with the right knowledge could have admin access. — Matthew Sheffield (@mattsheffield) January 11, 2021
This Parler user explains it quite well here. Because of yet more security flaws at Parler, it's now possible for all that "free speech" to be shared and archived with the world, even if the posters tried to erase their not-at-all innocent videos and GPS data. https://t.co/YbjbwXQitj — Matthew Sheffield (@mattsheffield) January 11, 2021