Security researchers claim to have downloaded a huge amount of information from Parler before the service was taken offline by Amazon Web Services. The app, which was popular with many supporters of US President Trump, contained many posts, photos, and videos from the January 6 attack, and after the social network got deplatformed by multiple tech companies (including Google Play, Apple’s App Store, and AWS) this information would have been lost forever. However, before that happened, security researchers claimed to have downloaded and leaked around 70TB of data from Parler, which is being distributed online.
On Twitter, a researcher going by donk_enby posted about capturing data from Parler. According to them, a press release from Twilio, a B2B messaging provider, revealed the details of Parler’s security partner Okta, which also said it will not support Parler.
Soon others found that Parler’s phone and email verification were no longer working, and that it was possible to create accounts in Parler’s system, as admin users. A Reddit post explained this in more detail — essentially, the Forgot password link would normally require verification. But because Parler’s communications tools were not working, researchers were able to override this and log into accounts. And once they were able to log into accounts with administrator access, they were able to create new accounts, also with administrator access. These accounts were then used to take data dumps from Parler through crowdsourcing here, creating a ‘Parler tracker‘.
This is not fully verified — there’s no clear explanation about whether these services being down is what led to Parler being compromised. It also mentions a press release from Twilio which is not visible on the company’s press page. However, huge amounts of data that appear legitimate are being shared — it’s possible that the researchers have obfuscated the way it was compromised for security reasons.
However, according to the researchers, the data including deleted posts, because (according to their Twitter post) Parler did not actually delete posts when they were removed, but simply removed the pointer to that post. This is actually a fairly common practice in many scenarios, as the data is for all practical purposes “inaccessible” to users while doing this.
According to the security researchers, video and image data still has EXIF data (metadata of things like time, date, and location), and some of the other data they’ve been able to gather is the Verified Accounts documents — on Parler, users that are verified have done so by uploading photos of their government IDs.
The researchers said that this data could be useful to law enforcement who want to identify the people that took part in the violence in Washington on January 6.