Recent reports claim that 70 terabytes of user data from social media network Parler have been leaked online.
CyberNews reports that self-drscribed security researchers performed a massive data scrape of the social media network Parler before it was taken offline by Amazon Web Services. The data scrape captured user profile data, user information, and other private and administrative information.
A Twitter user going by @donk_enby announced the scrape, claiming that over a million video URLs had been collected. Twitter itself suffered a massive hack of prominent accounts in 2020.
I am now crawling URLs of all videos uploaded to Parler. Sequentially from latest to oldest. VIDXXX.txt files coming up, 50k chunks, there will be 1.1M URLs total: https://t.co/YUl8CtoeEA
This may include things from deleted/private posts.
— crash override (@donk_enby) January 10, 2021
The Twitter account claims that the posts are linked to accounts that posted them and some of the video and images contain location information. It’s also said to include data from Parler’s “Verified Citizens,” which are users of the network who have verified their identity by uploading photographs of government-issued IDs such as a driver’s license or passport.
The data scrape also appeared to include deleted posts which would mean that Parler kept user data after users attempted to delete it.
a sample of what's in there pic.twitter.com/5o8CBRrmgc
— crash override (@donk_enby) January 9, 2021
Parler has previously claimed to have over 10 million users but was shut down after google and Apple removed the website’s smartphone apps from their app stores. A short time later, Amazon Web Services announced they would be removing the site’s hosting services, alleging that Parler failed to properly moderate its platform.
Some Reddit users allege that the user data scrape was made possible due to Twilio, an American cloud communications platform that provided Parelr with a phone number verification service and has since cut ties with the company.
In a press release announcing plans to cut ties with the platform, Twilio revealed which services Parler was using which allowed hackers to determine that it was possible to create users and verified accounts without actual verification.
Once the was discovered, they were allegedly able to get behind the login box API that is used for content delivery, allowing them to see which user shad moderator rights and in turn allowing them to reset passwords of existing users. As Twilio was no longer authenticating emails, hackers were able to access admin accounts easily.
Breitbart News has reached out to Parler for comment on this story.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org