Parler suffers data leak before being taken offline

Hackers could combine leaked data with phishing emails to exploit users


Parler, the right-wing social media platform used in the recent insurrection at the Capitol, has been hit by a massive data-scrape campaign, resulting in 70TB of leaked data. 

According to a blog post by cyber security firm KnowBe4, hackers could use this leaked data, which included user profile data, admin rights data, videos, and live and deleted posts, to mount various nefarious campaigns aimed at Parler users.

“We anticipate that bad actors will fill the gap by launching phishing campaigns that offer users bogus web sites with fake, malicious Parler downloads or even malware-infected versions of Parler. They may also set up fake web sites and push malicious online advertising to do the same,” said Eric Howes, principal lab researcher at KnowBe4.

Before Parler went offline but after the website was no longer able to use phone or email verification, Twitter user @donk_enby collected 70TB of posts, messages, and videos. This is around 99.9% of all content ever posted to the site.

The breach was possible because the “forgot password” link that would normally require verification was no longer working. Anyone could then override this to log in to accounts that weren’t theirs. Once in, they could log in to accounts with administrator access and create new accounts, also with administrator access. Hackers used these accounts to dump data from the website.

Howes added that Parler-themed phishing emails could take at least two forms: first, spoofed Parler emails offering alternative download/install links; and second, fake right-wing/conservative emails denouncing Google and Apple’s actions and offering alternative download/install links.

“This massive haul of leaked data could allow malicious actors to individually target Parler users in spear phishing campaigns as well as all manner of online scams,” Howes warned.

Howes said his company had developed a handful of simulated phishing emails to be used by customers to test their staff. 

“In addition to using these new templates to phish your users, it would also be a good idea to alert your employees and users to the danger that they could be encountering phishing emails as well as fake web sites and deceptive online advertising offering them alternative download sources for Parler that, in reality, will be pushing malware instead,” he said.
