The known Parler data breach is not quite as extensive as reported
A few days ago Parler’s host, Amazon Web Services, after a lengthy documented series of complaints and warnings, shut down the social network’s access to the Amazon Web Services platform. It was widely reported that a massive hack caused by making fake admin accounts happened, and you know what, that might have happened also, but it was a very poorly designed website with no … not going to say hacking, but it was Parler’s programming and lack of security that served things up.
Oversimplifying TL;DR – not a whole lot different than Google indexing a site, but on a massive distributed scale.
There’s a really great rundown over on Vice, you should read it, but I thought I’d post a TL;DR version over here as I’ve been really fascinated by what has been going on.
Also just for eff’s sake if I say there were extremist terrorists on Parler it’s because there were… there were also mostly not people who were supporting violence and murder so if I say Parler had people plotting murder on it and you want to feel victimized because you were also on Parler, um that’s all you.
- 56.7TB data archived
- Government documents probably not retrieved
- Deleted posts probably not retrieved
- Jailbroken iPad involved (why?)
- No randomization used in media and post naming so no guessing what the next media name was
- 96% of all Parler public data was captured and archived before AWS pulled the plug
- No security personnel at Parler stopped it / evidently knew the site was being slammed
- Archive Team at the direction/with the tools provided by donky_enby, bought a lot of storage space and did a lot of the pull
- Parler did not strip any metadata/GPS info, you know like you should
- The FBI / NSA / Homeland security legally can get any of it (and probably are at the moment,) so this was just jumping the gun by about 3 days and putting all the videos and posts out to the public
While the Vice article does a pretty good rundown, during the first bit after the big pull was done there was quite a bit of commentary on the deleted items and IDs obtained by different groups (not the main one.) Bragging, lying, or a separate hack, or just not reported – do not know. The hacker in chief claims no deleted items retrieved.
As it stands other than this being Parler’s public posts and all media, there’s nothing here to indicate deleted items were retrieved. There’s nothing in either the Vice or Daily Dot articles to indicate this was anything other than a highly sophisticated scraping operation.
It looks like 3 days ago was the last time people posted that the deleted items were retrieved, and on Wired it was mentioned that they had not accessed “all information” – only things that were publicly available were archived.
So basically the site got indexed, and indexed hard. All media that was publicly available, sort of like what Google does, but you could go and grab the videos and media with metadata. Anyone who was smart enough to delete content probably not at risk by the public, just the FBI, NSA, Homeland Security, Office of the … nevermind.
Other than what people put out there for public consumption, there’s not anything people didn’t, at least if that info is right.