70TB of Parler users’ data leaked by security researchers

Parler, a social network used to plan the storming of the U.S. Capitol last week, has been hit by a massive data scrape. Security researchers collected swaths of user data before the network went dark Monday morning after Amazon, Google, and Apple booted the platform.

The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken.

I am now crawling URLs of all videos uploaded to Parler. Sequentially from latest to oldest. VIDXXX.txt files coming up, 50k chunks, there will be 1.1M URLs total: https://t.co/YUl8CtoeEAThis may include things from deleted/private posts.— crash override (@donk_enby)
“These are original, unprocessed, raw files as uploaded to Parler with all associated metadata,” claims one of the authors.
Security researchers claim that the scrapped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license.

CyberNews pro tip

Your privacy is important and you cannot take it for granted. Unfortunately, the last line of defense is you, so you have to make sure you're protected whenever you're online. One of the best ways to do that is with a VPN.
Find out more

The data might prove valuable to law enforcement since many who participated in the riots deleted their posts and videos afterward. The data scrape includes deleted posts, meaning that Parler stored user data after users deleted it.

a sample of what's in there pic.twitter.com/5o8CBRrmgc

— crash override (@donk_enby)
Parler, a far-right friendly site, was among the key candidates to host President Donald Trump’s social media presence as Twitter and Facebook suspended his accounts for instigating violence. Parler, which claims to have over 10 million users, has lax rules over content, making the platform very attractive to far-right groups. Google and Apple removed Parler’s smartphone app from their app stores, claiming that the platform allowed posting that seeks to “incite ongoing violence in the U.S..” Amazon took similar measures, removing Parler from its hosting service.
Reddit users claim that the scrape was made possible due Twilio, an American cloud communications platform that provided the platform with phone number verification services, cutting ties with Parler.
RELEASE: Every Parler post made during the 06/01/2021 US Capitol riots. https://t.co/YUl8CtFPw8 (batches of 100k URLs, for archival purposes)— crash override (@donk_enby)
In a press release announcing the decision, Twilio revealed which services Parler was using. This information allowed hackers to deduct that it was possible to create users and verified accounts without actual verification.

With this type of access, newly minted users were able to get behind the login box API used for content delivery. That allowed them to see which users had moderator rights and this in turn allowed them to reset passwords of existing users with simple “forgot password” function. Since Twilio no longer authenticated emails, hackers were able to access admin accounts with ease.

Afraid your online presence was compromised? Check if your data has been leaked.

Similar Articles:

Studies prove once again that users are the weakest link in the security chain

Studies prove once again that users are the weakest link in the security chain

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

How Twitter Misused Personal Phone Numbers for Advertising

How Twitter Misused Personal Phone Numbers for Advertising

Facebook exposed user data to thousands of app developers

Facebook exposed user data to thousands of app developers