Former Trump spokesman Jason Miller’s Twitter alternative GETTR was breached before the platform could officially launch.
The site was also hacked and defaced on the Fourth of July.
Usernames, email addresses and locations of thousands of users were scraped and provided to leftist journalists at Vice.
The targeting of the website is similar to the recent hack of another pro-free speech platform, Gab. User data and records following that hack were also provided to left wing journalists.
Threat actors were able to take advantage of bad API implemented on Trump's recent social media platform, Gettr (@GettrOfficial).
This allowed them to extract usernames, names, bios, bdays, but most importantly, the emails which were supposed to be private, of over 85,000 users. pic.twitter.com/NsKyz9zHmQ
— Alon Gal (Under the Breach) (@UnderTheBreach) July 6, 2021
Alon Gal, the co-founder and CTO of cybersecurity firm Hudson Rock, told Vice News that this should be considered a “data breach.”
“When threat actors are able to extract sensitive information due to neglectful API implementations, the consequence is equivalent to a data breach and should be handled accordingly by the firm and to be examined by regulators,” he told Motherboard in an online chat.
On the Fourth of July, someone also hacked into the platform and used it to deface the pages for some of the most prominent figures who had joined, including Jason Miller himself, former CIA director Mike Pompeo, former Trump advisor Steve Bannon, and pro-Trump congresswoman Marjorie Taylor Greene.
The hacker told Insider that he targeted the site “just for fun.”
Currently, there seems to be little effort being made to catch the activist hackers responsible for these attacks, which hasn’t previously been the case.
In 2011, Andrew Auernheimer, better known as Weev, was charged with identity theft and conspiracy to violate the Computer Fraud and Abuse Act after finding a vulnerability on AT&T’s website that allowed him to see the email addresses of roughly 100,000 iPad users. He was sentenced to 41 months in prison and ordered to pay $73,000 in restitution before his conviction was vacated.
It is currently unclear if there is a criminal investigation into the incidents.
Vice reports, “Last week, cybersecurity reporter Zack Whittaker predicted that someone would soon scrape all the website’s content. For now, no one has scraped all the content on the site—at least that we know—but tens of thousands of GETTR users have now had their email addresses exposed.”
One can’t help but wonder if this whole ordeal, the way it is being reported included, is an effort to scare people away from joining platforms that will be less likely to censor. Currently, left wing journalists and activists have been having a very high success rate silencing people who they deem to be politically problematic on the giants like Facebook and Twitter.
New platforms, and existing ones like Gab, will be far less likely to bow to a mobs demands.
For corrections, please email [email protected]