70TB of Parler users’ messages, videos, and posts leaked by security researchers

GURPS

INGSOC
PREMO Member
However, after the news about the data scrape went global, the author of the hack @donk_enby explained in a tweet that neither her nor others have collected any personal data that Parler users did not make public themselves.

[clip]

Reddit users claim that the scrape was made possible due Twilio, an American cloud communications platform that provided the platform with phone number verification services, cutting ties with Parler.

In a press release announcing the decision, Twilio revealed which services Parler was using. This information allowed hackers to deduce that it was possible to create users and verified accounts without actual verification.

With this type of access, newly minted users were able to get behind the login box API used for content delivery. That allowed them to see which users had moderator rights and this in turn allowed them to reset passwords of existing users with simple “forgot password” function. Since Twilio no longer authenticated emails, hackers were able to access admin accounts with ease.

Twilio, however, distanced themselves from the accusations on revealing information about Parler’s services in a press release. The company’s head of corporate communications, Cris Paden, reached out to CyberNews in an article comment claiming that Twilio’s security experts found no evidence that Parlers’ security issues were related to their services.




 
Top