#Fail: Hackers Scrape 90,000 User Emails From Right Wing Social Media Platform GETTR Due To “Neglectful API Implementations”

Just days after its launch, hackers have already found a way to take advantage of GETTR’s buggy API to get the username, email address, and location of thousands of users. Motherboard reports:

Hackers were able to scrape the email addresses and other data of more than 90,000 GETTR users. On Tuesday, a user of a notorious hacking forum posted a database that they claimed was a scrape of all users of GETTR, the new social media platform launched last week by Trump’s former spokesman Jason Miller, who pitched it as an alternative to “cancel culture.” The data seen by Motherboard includes email addresses, usernames, status, and location. One of the people whose email is in the database confirmed to Motherboard that they are indeed registered to GETTR. Motherboard also verified the database by attempting to create an account with three email addresses that appear in the database. When doing that, the site displayed the message: “The email is taken,” suggesting it’s already registered. It’s unclear if the database contains the usernames and email addresses of all users on the site. 

This is a total #Fail. Here’s why:

Alon Gal, the co-founder and CTO of cybersecurity firm Hudson Rock, found the forum post with the database. 

Gal argued that this incident should be considered a data breach.

“When threat actors are able to extract sensitive information due to neglectful API implementations, the consequence is equivalent to a data breach and should be handled accordingly by the firm and to be examined by regulators,” he told Motherboard in an online chat. 

This should be a lesson in how not to do things. If you’re going to create an alternative social media platform, and it’s one that is guaranteed to attract attention, make sure everything is secure. Otherwise you’ll look like a loser when you get pwned by hackers. As is the case here. The people behind this social media platform should be embarrassed.
