Parler suffers data leak before being taken offline

Hackers could combine leaked data with phishing emails to exploit users

Parler and Twitter app logos on a screen

Parler, the right-wing social media platform used in the recent insurrection at the Capitol, has been hit by a massive data-scrape campaign, resulting in 70TB of leaked data. 

According to a blog post by cyber security firm KnowBe4, hackers could use this leaked data, which included user profile data, admin rights data, videos, and live and deleted posts, to mount various nefarious campaigns aimed at Parler users.

“We anticipate that bad actors will fill the gap by launching phishing campaigns that offer users bogus web sites with fake, malicious Parler downloads or even malware-infected versions of Parler. They may also set up fake web sites and push malicious online advertising to do the same,” said Eric Howes, principal lab researcher at KnowBe4.

Before Parler went offline but after the website was no longer able to use phone or email verification, Twitter user @donk_enby collected 70TB of posts, messages, and videos. This is around 99.9% of all content ever posted to the site.

The breach was possible because the “forgot password” link that would normally require verification was no longer working. Anyone could then override this to log in to accounts that weren’t theirs. Once in, they could log in to accounts with administrator access and create new accounts, also with administrator access. Hackers used these accounts to dump data from the website.

Howes added that Parler-themed phishing emails could take at least two forms. First, spoofed Parler emails offering alternative download/install links. And second, fake right-wing/conservative emails denouncing Google and Apple’s actions and offering alternative download/install links.

“This massive haul of leaked data could allow malicious actors to individually target Parler users in spear phishing campaigns as well as all manner of online scams,” Howes warned.

Howes said his company had developed a handful of simulated phishing emails to be used by customers to test their staff. 

“In addition to using these new templates to phish your users, it would also be a good idea to alert your employees and users to the danger that they could be encountering phishing emails as well as fake web sites and deceptive online advertising offering them alternative download sources for Parler that, in reality, will be pushing malware instead,” he said.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Neiman Marcus data breach hits 4.6 million customers
data breaches

Neiman Marcus data breach hits 4.6 million customers

4 Oct 2021
Facebook pauses work on Instagram Kids
social media

Facebook pauses work on Instagram Kids

27 Sep 2021
Are you over-sharing online?
social media

Are you over-sharing online?

1 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021