DJ Sundog - from the toot-lab

Good morning to everyone who has no fear that a nation-state actor has seized evidence of criminal activities from their parler account.

:blobpats:

1+
DJ Sundog - from the toot-lab

hmm, wonder if the asshats at parler are going to notify their users that there has been a serious data breach as is required under the GDPR...they only have a few days to comply iirc

Show thread
1+
KemoNine
@djsundog what happened to them now?
1
DJ Sundog - from the toot-lab
Follow

@kemonine archiveteam scraped them before they went down and got ~70TB of data, including unredacted exif data and, from what I'm hearing, photo IDs

· · 1 · 2 · 7
KemoNine
@djsundog holy crap ; how'd archive team get that kind of data? IIRC they skew to only publicly accessible info and link webs
1+
DJ Sundog - from the toot-lab

@kemonine apparently parler's api went deeeeep lol

1
KemoNine
@djsundog 🤦
0
Alexander Bochmann

@kemonine @djsundog My understanding of the reporting is that Archive Team wasn't involved as such - it was just their software that was being used to scrape the data.

Apparently the attackers created lots of admin accounts that were then used to access whatever was reachable to those.

1
KemoNine
@galaxis

How the hell did they create admin accounts?

@djsundog
1
Alexander Bochmann

@kemonine They were booted by their authentication service, and apparently some of their backend wasn't prepared to deal with the failure modes resulting from that. From what I've read, the password reset function just accepted any new password, which was used to gain initial access to an account with admin privileges.

@djsundog

1
KemoNine
@galaxis

*sigh*

@djsundog
0
Sign in to participate in the conversation
reclaim.technology

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Trending now

Resources

Developers

What is Mastodon?

toot-lab.reclaim.technology

More…