Tuesday, January 12, 2021

Parler Data Breach

Serious data breach at Parler:

Whilst scrambling to keep operational as various server providers pulled Parler from their services the admins left open a security loophole that allowed hackers to create administration accounts. They used this to create MILLIONS of admin accounts and to start downloading all of the data that Parler had stored. Amongst this data, discussions planning to attack the US Capitol from verified users (with pictures of their drivers licences etc. ), GPS data, photos with EXIF data

More details at this Reddit thread

[A]ll of this information was thought to be secure and private by individuals who were making the posts. A significant number of those individuals went through the process of being a "Verified Citizen" on Parler. What does that mean?

It means they uploaded a picture of the front and back of their REAL State Driver's License........ Let that sink in for a second.

I am positive the FBI has been actively soaking in this information along with the Internet Warriors, but this is how they are going to officially track down.

And it's how the FBI, DHS, and FAA have been able to immediately and exhaustively create no-fly lists. Every verified attendee of the Capitol riot where they can find a real name has been placed on No-Fly Lists.

It might seem like a small geeky glitch or hack.. but in the age of Information warfare... this is the silver bullet for the people who used Parler as a place to organize their efforts.

Also, a lot of posts were deleted by Parler members after the riots on the 6th. Turned out... Parler didn't actually delete anything.. just set a bit as deleted.

Guess what has access to all "deleted" content?

Administrator accounts."