
Parler suffers data leak before being taken offline

Hackers could combine leaked data with phishing emails to exploit users


Parler, the right-wing social media platform used in the recent insurrection at the Capitol, has been hit by a massive data-scrape campaign, resulting in 70TB of leaked data. 

According to a blog post by cyber security firm KnowBe4, hackers could use this leaked data, which included user profile data, admin rights data, videos, and live and deleted posts, to mount various nefarious campaigns aimed at Parler users.

“We anticipate that bad actors will fill the gap by launching phishing campaigns that offer users bogus web sites with fake, malicious Parler downloads or even malware-infected versions of Parler. They may also set up fake web sites and push malicious online advertising to do the same,” said Eric Howes, principal lab researcher at KnowBe4.

Before Parler went offline but after the website was no longer able to use phone or email verification, Twitter user @donk_enby collected 70TB of posts, messages, and videos. This is around 99.9% of all content ever posted to the site.

The breach was possible because the “forgot password” link that would normally require verification was no longer working. Anyone could then override this to log in to accounts that weren’t theirs. Once in, they could log in to accounts with administrator access and create new accounts, also with administrator access. Hackers used these accounts to dump data from the website.

Howes added that Parler-themed phishing emails could take at least two forms: first, spoofed Parler emails offering alternative download/install links; and second, fake right-wing/conservative emails denouncing Google and Apple’s actions and offering alternative download/install links.

“This massive haul of leaked data could allow malicious actors to individually target Parler users in spear phishing campaigns as well as all manner of online scams,” Howes warned.

Howes said his company had developed a handful of simulated phishing emails to be used by customers to test their staff. 

“In addition to using these new templates to phish your users, it would also be a good idea to alert your employees and users to the danger that they could be encountering phishing emails as well as fake web sites and deceptive online advertising offering them alternative download sources for Parler that, in reality, will be pushing malware instead,” he said.
