Parler Wasn’t Hacked, but That Doesn’t Mean It’s Safe to Use.
Last night, Twitter caught fire with claims of a hack on the social network Parler, which is gaining popularity among Trump supporters, especially after the election . Parler CEO John Matze took the lead today, firmly denying the allegations , but rumors continue to circulate online. Some say the leak was duplicated ( Snopes called the allegations false ), while others are adamant that more terrifying information will be revealed soon. As long as the confusion, we are left to ask: Do Parler really been hacked?
Based on the data available at the moment, probably not, but there are still security issues that we need to address.
Let’s start with the alleged hack.
The rumor arose from a now deleted tweet by concept artist Kevin Abosch. In the past, Ebosch has used tweets as part of art projects and this seems to be another one.
Before it became clear who Ebosh was and that the tweet was most likely a gimmick, Twitter users quickly spread it through retweets and screenshots. As it spread, several journalists and cybersecurity professionals have delved into allegations of hacks and the “evidence” to support them. They confirmed that the database that was allegedly attacked is linked to Parler, but in fact it is the WordPress magazine for Parler’s official blog, which was hacked in July but is no longer compromised. This blog did not contain user data.
However, in parallel with the denied WordPress magazine, there are claims of a separate security vulnerability that compromised more than 6.3 GB of Parler user data obtained from one of its advertising partners. These allegations come from several security researchers on Twitter, including Joe Biden’s presidential campaign cybersecurity chief Jackie Singh and Shutterstock application security engineer John Jackson , among others. These claims are accompanied by an announcement of a plan to disclose their results within the next 1-2 weeks. They also clearly point out that the issue is still not a hack; security researchers simply discovered and investigated the alleged vulnerability. However, it added fuel to the burglary claims.
To sum up: there is no evidence that Parler was hacked, but it seems that there are serious problems with the way Parler processes its user data, that only emphasizes that Parler data leakage can be much more destructive than your average leak …
Parler’s whole trick is that it’s a “free speech” social media platform and aggressively courting right-wing users (who often go there to trade far-right conspiracy sites like Twitter and Facebook, which label to be false or misleading). These users like Parler because they can express their opinions “without fear of de-platforming” (provided they do not go beyond Parler’s terms of service ).
Ironically, this freedom means that anyone can impersonate another user in Parler without much consequence. To prevent this problem from occurring, you can register for an “influencer” account – a version of Parler’s verified users – that will help you stand out from the crowd (and potential doppelgangers). But to get this status, you need to provide your Social Security number, which allows Parler to verify your identity.
Parler declares that its user data is securely stored and that it deletes social security numbers and other identifying information after verifying users. But even if Parler is honest about its data policy and keeps your information safe, simply providing a Social Security number poses a serious risk.
Companies constantly mishandle user data, and this information can easily slip away somewhere – for example, through an improperly secured third-party server.
It also opens up the possibility of fraud and identity theft for users in other ways.
Phishing campaigns use fake social media login pages or deceptive confirmation emails to trick users into passing in passwords and sensitive data. If someone thinks that giving Parler your Social Security number is standard practice, they are more likely to inadvertently share it with the wrong people.
I know I won’t convince Parler of a single user firmly convinced of the ideals of the platform that using it is a bad idea, but if you are concerned about data privacy and identity theft at all, definitely do not give your social security number to the service. or any other personal data. If you’re just curious about the platform, I suggest staying out of the way.