Parler data breach: Hackers claim they downloaded everything from Parler before it was taken offline
The information could help American law-enforcement authorities to identify and locate perpetrators who used the platform to plan US Capitol violence
Hackers say they have archived massive amounts of public information from far-right social media platform Parler before it was taken down in the early hours of Monday morning.
An independent hacker from Austria, who goes by the name Crash Override (@donk_enby on Twitter), disclosed on Monday that they had access to all of the "unprocessed, raw" video files uploaded by users on the platform, along with associated metadata, including user location, messages, and even driving licences where some users had verified their identity on the site.
Crash Override said they had found a web address that the platform used internally to retrieve users' data. This allowed the hacker to create a dump of all media uploaded to Parler, including posts that had been deleted by users, such as those referring to the Capitol attack last Wednesday.
A Reddit user known as BlueMountainDace explained how the breach was carried out.
"A group of developers latched onto the Press Release that Twilio put out at midnight last night. In that Press Release, Twilio accidentally revealed which services Parler was using. Turns out it was all of the security authentications that were used to register a user," BlueMountainDace said. [Update: this assertion has since been withdrawn by the poster; see comment from Twilio below]
"This allowed anyone to create a user, and not have to verify an email address, and immediately have a logged-on account.
"Well, because of that access, it gave them access to the behind the login box API that is used to deliver content.
"Also, a lot of posts were deleted by Parler members after the riots on the 6th. Turned out… Parler didn't actually delete anything... just set a bit as deleted."
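The soft-delete behaviour described in the account above can be shown as an added example (not Parler's code and not part of the original article). It uses a constructed SQLite table with a hypothetical `deleted` flag and compares a retrieval function that ignores the flag with one that honours it, plus an audit check and a real purge. All table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, owner TEXT, "
               "body TEXT, deleted INTEGER NOT NULL DEFAULT 0)")
    db.executemany("INSERT INTO posts (id, owner, body) VALUES (?, ?, ?)",
                   [(1, "alice", "hello"), (2, "bob", "regret this"),
                    (3, "alice", "bye")])
    return db

def soft_delete(db, post_id, user):
    # "Delete" only flips a flag; the row and its body stay in storage.
    db.execute("UPDATE posts SET deleted = 1 WHERE id = ? AND owner = ?",
               (post_id, user))

def fetch_flag_ignored(db, post_id):
    # Weak retrieval path: looks up by id and never checks the flag.
    row = db.execute("SELECT body FROM posts WHERE id = ?",
                     (post_id,)).fetchone()
    return row[0] if row else None

def fetch_visible(db, post_id):
    # Corrected retrieval path: the flag is enforced in the query itself.
    row = db.execute("SELECT body FROM posts WHERE id = ? AND deleted = 0",
                     (post_id,)).fetchone()
    return row[0] if row else None

def audit_retrievable_deleted(db, fetch):
    # Return ids of soft-deleted posts that a retrieval function still serves.
    ids = [r[0] for r in
           db.execute("SELECT id FROM posts WHERE deleted = 1 ORDER BY id")]
    return [i for i in ids if fetch(db, i) is not None]

def purge_deleted(db):
    # Hard delete: once the row is gone, no code path can return it.
    return db.execute("DELETE FROM posts WHERE deleted = 1").rowcount

if __name__ == "__main__":
    db = make_db()
    soft_delete(db, 2, "bob")
    print("flag ignored:", audit_retrievable_deleted(db, fetch_flag_ignored))
    print("flag enforced:", audit_retrievable_deleted(db, fetch_visible))
    print("rows purged:", purge_deleted(db))
```

Running the audit against every retrieval path, including internal ones, shows whether "deleted" content is still being served before a purge job removes it.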
Parler encouraged users to provide more identifying information, such as a driver's licence, to the website to receive a "verified real person" badge. This information was also obtained in the data dump.
The hackers plan to release the information in the public domain, which is likely to help US authorities to identify and locate perpetrators who used Parler to plan violence in the Capitol and elsewhere.
"Bad news. Left extremists have captured and archived over 70 TB of data from Parler servers. This includes posts, personal information, locations, videos, images etc. The intent is a mass dox and a list to hold patriots 'accountable'. It is too late to scrub your data, and it's already archived. There is nothing you can do to prevent what's already happened. All you can do is prepare for the fallout," read a message supposedly from the North Central Florida Patriots Telegram chat, according to The Independent.
Parler is seen as a haven for people blocked by other social media platforms. Thanks to its hands-off approach to policing user content, the platform became a favourite spot recently for Trump supporters to post messages celebrating violence and encouraging "patriots" to march on Washington, DC, with weapons on 19th January.
On Sunday, Amazon removed Parler from its AWS cloud hosting service over the platform's failure to act quickly enough against violent content.
The company said that it "cannot provide services to a customer that is unable to effectively identify and remove content that encourages or incites violence against others."
"We've seen a steady increase in this violent content on your website, all of which violates our terms of service," Amazon reportedly told Parler in a letter.
The move followed similar steps from Apple and Google, who last week suspended Parler from their respective app stores over its sloppy approach to content moderation.
Parler CEO John Matze called the actions against the platform "a coordinated attack by the tech giants to kill competition in the marketplace."
There is little chance for Parler to get back online soon after "every vendor, from text message services, to e-mail providers, to our lawyers all ditched us too on the same day," Matze told Fox News.
Parler on Monday sued Amazon for abruptly ending the web hosting agreement between the two companies.
It accused Amazon of taking the decision to stop Parler from competing with the larger social platform Twitter.
The company is asking the court for an order to stop Amazon from pulling AWS support from the social media site. It said that an extended shutdown for the platform would be like "pulling the plug on a hospital patient on life support".
Update 13 January: Following the publication of this story, Twilio emailed us to say that the information posted on Reddit was inaccurate, and indeed the poster BlueMountainDace has since withdrawn parts of his/her account. Twilio's comment is published in full below.
"With regards to reports of cyber security issues Parler experienced and have been attributed to Twilio, our security team investigated the claims and found no evidence indicating their security issues were related to Twilio or our products. Per our Website, Twilio has not issued any press releases pertaining to or referencing Parler. Furthermore, Parler was using Twilio to send out identity verification codes for new downloads or password resets. Once a user was verified, security protocols were independently handled by Parler and did not involve Twilio or its products. On Friday, January 8th, we sent Parler a letter informing them they were in violation of our Acceptable Use Policy and notifying them that we would suspend their account if they did not make efforts to remediate multiple calls for violence on their platform. Shortly after receiving our letter, Parler informed us they had already turned off their integration with Twilio. Any cyber security issues experienced by Parler were completely unrelated to Twilio or any of its products." Twilio Inc.