Parler, the right-wing social media platform used in the recent insurrection at the Capitol, has been hit by a massive data-scrape campaign, resulting in 70TB of leaked data.
According to a blog post by cyber security firm KnowBe4, hackers could use this leaked data, which included user profile data, admin rights data, videos, and live and deleted posts, to mount various nefarious campaigns aimed at Parler users.
“We anticipate that bad actors will fill the gap by launching phishing campaigns that offer users bogus web sites with fake, malicious Parler downloads or even malware-infected versions of Parler. They may also set up fake web sites and push malicious online advertising to do the same,” said Eric Howes, principal lab researcher at KnowBe4.
Before Parler went offline but after the website was no longer able to use phone or email verification, Twitter user @donk_enby collected 70TB of posts, messages, and videos. This is around 99.9% of all content ever posted to the site.
The breach was possible because the “forgot password” link that would normally require verification was no longer working. Anyone could then override this to log in to accounts that weren’t theirs. Once in, they could log in to accounts with administrator access and create new accounts, also with administrator access. Hackers used these accounts to dump data from the website.
Howes added that Parler-themed phishing emails could take at least two forms. First, spoofed Parler emails offering alternative download/install links. And second, fake right-wing/conservative emails denouncing Google and Apple’s actions and offering alternative download/install links.
“This massive haul of leaked data could allow malicious actors to individually target Parler users in spear phishing campaigns as well as all manner of online scams,” Howes warned.
Howes said his company had developed a handful of simulated phishing emails to be used by customers to test their staff.
“In addition to using these new templates to phish your users, it would also be a good idea to alert your employees and users to the danger that they could be encountering phishing emails as well as fake web sites and deceptive online advertising offering them alternative download sources for Parler that, in reality, will be pushing malware instead,” he said.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
