70 Tb of Parler data scraped before service went down

[GregR 6,236]

Short version:  Security researchers got admin access and downloaded 70Tb of Parler content before it went down.  This also included content people had deleted after Jan 6, since it gets flagged as deleted but remains behind the scene visible to admin accounts. 

 

https://cybernews.com/news/70tb-of-parler-users-messages-videos-and-posts-leaked-by-security-researchers/

Quote

Parler, a social network used to plan the storming of the U.S. Capitol last week, has been hit by a massive data scrape. Security researchers collected swaths of user data before the network went dark Monday morning after Amazon, Google, and Apple booted the platform. 

The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Twitter user @donk_enby, who first announced about the scrape, claims that over a million video URLs, some deleted and private, were taken. 

...

Security researchers claim that the scrapped posts are linked to accounts that posted them, and some of the video and image data have geolocation information. That is said also to include data from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license. 

 

 

A more technical description of how it happened:

https://i.imgur.com/R1GndBl.png

https://i.imgur.com/q1i2l7G.png

 

Edited January 11 by GregR

[BroadwayG 975]

This was very fascinating to watch unfold through twitter threads

[Dinsy Ejotuz 13,278]

The explanation in your 2nd link is incredible. 

[Osaurus 9,189]

Interesting read and a "what not to do" for online security.

[SWC 15,742]

how much data is in a tablespoon is that a lot or what take that to the bank brohans 

[Sinn Fein 34,147]

5 minutes ago, Osaurus said:

Interesting read and a "what not to do" for online security.

Its almost like standing up an app like Parler takes a bit of planning and work - and when you skip both, things might not work they way you thought.

[Dinsy Ejotuz 13,278]

5 minutes ago, Osaurus said:

Interesting read and a "what not to do" for online security.

Not a techie, but is this down to some uber-state-level hacker?  Or just crappy coding/security on the part of Parler?

[Osaurus 9,189]

2 minutes ago, Dinsy Ejotuz said:

Not a techie, but is this down to some uber-state-level hacker?  Or just crappy coding/security on the part of Parler?

The latter imo

[Ned 10,620]

3 minutes ago, Dinsy Ejotuz said:

Not a techie, but is this down to some uber-state-level hacker?  Or just crappy coding/security on the part of Parler?

Shockingly bad.

[Sinn Fein 34,147]

8 minutes ago, SWC said:

how much data is in a tablespoon is that a lot or what take that to the bank brohans 

@Zow - you want to handle this?

[Dinsy Ejotuz 13,278]

Dupe.

 

Edited January 11 by Dinsy Ejotuz

[Dinsy Ejotuz 13,278]

Have been trying to understand this hack and, well, I just don't.

Except that if some spook group designed an app to trap info on right-wing extremists it would probably have a lot of the same features bugs that Parler did.

Edited January 11 by Dinsy Ejotuz

[Desert_Power 1,034]

4 minutes ago, Dinsy Ejotuz said:

Have been trying to understand this hack and, well, I just don't.

Except that if some spook group designed an app to trap info on right-wing extremists it would probably have a lot of the same [s]features[/s] bugs that Parler did.

 

I mean, maybe

[Rich Conway 3,968]

The claims here seem dubious.  Yes, I get that Parler was shoddily coded.  That's not exactly news.  But...  when I see stuff like this:

https://www.independent.co.uk/life-style/gadgets-and-tech/parler-capitol-hill-personal-data-b1785343.html?utm_source=reddit.com

Quote

“Bad news. Left extremists have captured and archived over 70TB of data from Parler servers. This includes posts, personal information, locations, videos, images etc. The intent is a mass dox and a list to hold patriots ‘accountable’. It is too late to scrub your data, and its already archived. There is nothing you can do to prevent what’s already happened. All you can do is prepare for the fallout”, a message purportedly from the North Central Florida Patriots Telegram chat shared with The Independent read.

I wonder if this isn't just more conspiracy theory rhetoric designed to inflame the same people.

[Punxsutawney Phil 905]

"Security researchers"

[The Commish 13,926]

59 minutes ago, Dinsy Ejotuz said:

Not a techie, but is this down to some uber-state-level hacker?  Or just crappy coding/security on the part of Parler?

Just started looking at this and seeing if there is useful info out there....I'd confidently assume the bold for now.

[SHIZNITTTT 3,347]

Good.  If anyone was doing anything nefarious I hope it comes to light.  

[HellToupee 15,759]

Following Mueller’s team strategy 

[Mookie 2,534]

Insurrectionists go "DOH!" 

[Apple Jack 4,937]

What kind of personal info are these people putting up on social media platforms?

[Sinn Fein 34,147]

Just now, Apple Jack said:

What kind of personal info are these people putting up on social media platforms?

I think one of the allegations was individuals had submitted photos of Driver's Licenses in an effort to become "verified" (or something similar).

I don't know that to be true - but that would not completely shock me.

[Sea Duck 1,467]

4 minutes ago, Apple Jack said:

What kind of personal info are these people putting up on social media platforms?

I don't know the ins and outs but it sounds like Twitter and Facebook will remove location data from your pictures, while Parler doesn't do that.

[GregR 6,236]

2 hours ago, SWC said:

how much data is in a tablespoon is that a lot or what take that to the bank brohans 

Twitter creates 12Tb of data a day. They have 321 million users but I don't know what amount are active daily.

Parler had like, 4 million active users.  So we're probably talking about weeks worth of data at the least.

 

 

[SWC 15,742]

so in the end this could lead to a lot of really vile things people posted on line coming directly home to roost for them right man if there was ever a more cautionary tale about not being an internet tough guy i cant think of it take that to the bank brohans 

[beef 2,985]

70TB?  That's like only 1/8th Forrest mail.

[expo86 32]

49 minutes ago, Sinn Fein said:

I think one of the allegations was individuals had submitted photos of Driver's Licenses in an effort to become "verified" (or something similar).

I don't know that to be true - but that would not completely shock me.

Yes, that is (was) the process for getting your "verified" tag on Parler. I have no idea why anyone would have been willing to do that. I'm guessing a lot of the worst accounts on the service didn't do this.

[GregR 6,236]

I've been poking about trying to further confirm the veracity of it.  From what they've posted, if it's not real they put some effort into the faking of it to look real. Gizmodo reported someone legitimate in cybersecurity has used their work before. So it seems likely to be legit.  The site they uploaded the data to was overloaded when I tried to take a look.

Edited January 11 by GregR

[da_budman 290]

I was reading this thread when I started geting a forum not available message.  I though they had gotten me too there for a minute or 2 . 🤔

Edited January 11 by da_budman

[OrtonToOlsen 17,820]

Stuff that was "deleted" was still available to admin accounts.

Nice to know Parler had the same standards as :e:

 

[MTskibum 492]

48 minutes ago, OrtonToOlsen said:

Stuff that was "deleted" was still available to admin accounts.

Nice to know Parler had the same standards as :e:

 

 

I am an application manager and this is an extremely common practice. All of my applications use soft deletes. Some of the reasons are to track how the users use the application, to help users out when they delete something and then later determine that they should not have deleted that data, and 2 of my applications are integrated with an Oracle ERP system which you do not want the user to delete ERP data.

 

I cannot find a good article but the below article is alright at explaining soft delete verse hard delete.

 

https://becomebetterprogrammer.com/blogs/soft-delete-vs-hard-delete

 

Edited January 11 by MTskibum

[OrtonToOlsen 17,820]

12 minutes ago, MTskibum said:

 

I am an application manager and this is an extremely common practice. All of my applications use soft deletes. Some of the reasons are to track how the users use the application, to help users out when they delete something and then later determine that they should not have deleted that data, and 2 of my applications are integrated with an Oracle ERP system which you do not want the user to delete ERP data.

 

I cannot find a good article but the below article is alright at explaining soft delete verse hard delete.

 

https://becomebetterprogrammer.com/blogs/soft-delete-vs-hard-delete

 

Oh I'm sure there'is a reasonable explanation and that's it's standard.  It's just hilarious that these fine folks thought they were wishing their posts/data into the cornfield.

[BladeRunner 2,714]

7 hours ago, Mookie said:

Insurrectionists go "DOH!" 

I see someone has been handed down the talking points.

[JAA 2,789]

6 hours ago, expo86 said:

6 hours ago, Sinn Fein said:

I think one of the allegations was individuals had submitted photos of Driver's Licenses in an effort to become "verified" (or something similar).

I don't know that to be true - but that would not completely shock me.

Yes, that is (was) the process for getting your "verified" tag on Parler. I have no idea why anyone would have been willing to do that. I'm guessing a lot of the worst accounts on the service didn't do this.

This

Though people still think the Prince of Persia has left them 700,000,000,00,000,0000,000,000.00 dollars in their will.

Edited January 12 by JAA

[Mister CIA 8,603]

Parler CEO John Matze is married to a Alina Mukhutdinova.

No further comment from me.

[Terminalxylem 3,094]

7 hours ago, BladeRunner said:

I see someone has been handed down the talking points.

How would you describe what took place at the Capitol? 

How do you think that compares to events in Seattle, which lead to the creation of the Capitol Hill Autonomous Zone (CHAZ)?

What constitutes an insurrection, in your opinion?

[BladeRunner 2,714]

6 hours ago, Terminalxylem said:

How would you describe what took place at the Capitol? 

How do you think that compares to events in Seattle, which lead to the creation of the Capitol Hill Autonomous Zone (CHAZ)?

What constitutes an insurrection, in your opinion?

I would call it a mostly peaceful protest.

The same thing happened in all of those other cities with antifa and BLM And they were called mostly peaceful protests.  BLM and antifa literally tried to burn down federal buildings.  

I would say what happened at the Capitol and what happened with BLM antifa is no different.

Did you call them insurrections when be BLM and antifa were doing it?

 

Edited January 12 by BladeRunner

[BroadwayG 975]

12 minutes ago, BladeRunner said:

I would call it a mostly peaceful protest.

The same thing happened in all of those other cities with antifa and BLM And they were called mostly peaceful protests.  BLM and antifa literally tried to burn down federal buildings.  

I would say what happened at the Capitol and what happened with BLM antifa is no different.

Did you call them insurrections when be BLM and antifa were doing it?

 

Was the VP and most of congress in the federal buildings as antifa tried to burn them down?

[Terminalxylem 3,094]

34 minutes ago, BladeRunner said:

I would call it a mostly peaceful protest.

The same thing happened in all of those other cities with antifa and BLM And they were called mostly peaceful protests.  BLM and antifa literally tried to burn down federal buildings.  

I would say what happened at the Capitol and what happened with BLM antifa is no different.

Did you call them insurrections when be BLM and antifa were doing it?

 

Trump rallies, for the most part, have included peaceful protesting. This was different, both in intent and execution. Although the majority of the mob wasn’t violent, enough people were injured and deaths occurred, and I think it could’ve been much worse, had the rioters stumbled into an office with people like Nancy Pelosi, Mike Pence or their staff.

Some of BLM’s protests have caused damage, injuries and deaths. Others were arguably insurrectionist, including the creation of CHAZ.

But there are very important distinctions between anything BLM has done, and what happened at the Capitol:

1. The grievances of the MAGA crowd are fictitious, with no credible evidence the election was “stolen.” 
2. The Capitol insurrection was incited by the POTUS.

3. The US Capitol is the seat of democracy for the whole country, if not the entire free world.

Comparing BLM protests to what happened last week really overlooks the motivations of the protestors and the magnitude of their actions. More importantly, such comparisons do nothing to address the discord which culminated in the creation of both movements. Any violent protest is bad IMO, but a violent protest to overthrow the federal government and destroy the foundation of democracy is much worse than one based on racial injustice.

 

[JAA 2,789]

Good read:  https://arstechnica.com/information-technology/2021/01/parlers-amateur-coding-could-come-back-to-haunt-capitol-hill-rioters/

[BladeRunner 2,714]

1 hour ago, BroadwayG said:

Was the VP and most of congress in the federal buildings as antifa tried to burn them down?

How often are we going to move the goalposts?  Does it matter if they are regular federal employees or does it only count if it's members of Congress?

[BroadwayG 975]

4 minutes ago, BladeRunner said:

How often are we going to move the goalposts?  Does it matter if they are regular federal employees or does it only count if it's members of Congress?

I personally think an assault on the VP carries a bit more weight than a local postal carrier, but that's just my opinion. I'm clear on yours as well. Have a great Tuesday.

[BladeRunner 2,714]

1 minute ago, BroadwayG said:

I personally think an assault on the VP carries a bit more weight than a local postal carrier, but that's just my opinion. I'm clear on yours as well. Have a great Tuesday.

Thanks for the response, but I feel that regular people are just as important as members of Congress.

[JAA 2,789]

People who break the law must be held accountable.

Do we really need to keep repeating this?

[BladeRunner 2,714]

1 minute ago, JAA said:

People who break the law must be held accountable.

Do we really need to keep repeating this?

Nope.  I agree with you 1000%.  I just wish the left was consistent on that. 

As I've said repeatedly, what happened on Wednesday was terrible and should never happen.  I'm totally for bringing those responsible to justice - as I was for BLM/Antifa.

[JAA 2,789]

30 minutes ago, BladeRunner said:

33 minutes ago, JAA said:

People who break the law must be held accountable.

Do we really need to keep repeating this?

Nope.  I agree with you 1000%.  I just wish the left was consistent on that. 

As I've said repeatedly, what happened on Wednesday was terrible and should never happen.  I'm totally for bringing those responsible to justice - as I was for BLM/Antifa.

Is your expectation that everyone on the "left" is consistent?

Is it also your expectation that everyone on the "right" is consistent?

How about we stop labeling "left" and "right" and judge individual representatives on their actions?

Edited January 12 by JAA

[Sea Duck 1,467]

42 minutes ago, BladeRunner said:

How often are we going to move the goalposts?  Does it matter if they are regular federal employees or does it only count if it's members of Congress?

For sedition, Congress. That's the point entirely.

[BladeRunner 2,714]

23 minutes ago, Sea Duck said:

For sedition, Congress. That's the point entirely.

Hmmmm....is that specified somewhere?  Seriously, I don't know.

[The Commish 13,926]

If I try to kill the President, I will be charged with attempted murder.  I will also be charged with a myriad of other crimes against the country.  That's regardless of what kind of lawyer I get.  If I try to kill some doofus walking down the street, a good enough lawyer is going to get me charged with significantly less.  Hell, in some places like my state, I'd probably get off scott free via "stand your ground".  This notion that the "who" doesn't matter is completely rejected by our system of justice and the written law....of course the "who" matters.

[BladeRunner 2,714]

24 minutes ago, JAA said:

Is your expectation that everyone on the "left" is consistent?

Is it also your expectation that everyone on the "right" is consistent?

How about we stop labeling "left" and "right" and judge individual representatives on their actions?

Sure!  Let's go back to BLM/Antifa and track them down while we're at it! 

[BladeRunner 2,714]

1 minute ago, The Commish said:

If I try to kill the President, I will be charged with attempted murder.  I will also be charged with a myriad of other crimes against the country.  That's regardless of what kind of lawyer I get.  If I try to kill some doofus walking down the street, a good enough lawyer is going to get me charged with significantly less.  Hell, in some places like my state, I'd probably get off scott free via "stand your ground".  This notion that the "who" doesn't matter is completely rejected by our system of justice and the written law....of course the "who" matters.

Yeah, seems like you're stretching here.

If I try to kill someone I could still be charged with attempted murder.