The self-proclaimed “free speech” app, Parler, was hacked earlier this month, prior to its removal from existence. Nothing private was taken, only publicly available information, totaling around 60TB of data.
On January 6, 2021, the United States Capitol was ridden with protesters, activists, supporters of President Trump and rioters. Members of Congress and their staff hid in fear of their lives as people ransacked the building. The incident sparked a massive fire that the president was unable to extinguish as the House voted to impeach him for a historic second time on January 13. As the government launched investigations and put together paperwork, Big Tech was hard at work, too. President Trump has been banned from social media platforms on either a temporary or permanent basis, and the so-called “free speech” app, Parler, which is said to have a large number of conservative users, was removed from all platforms where it was available. However, before Parler was completely removed from the internet, a hacker was able to scrape the site and gather terabytes of data.
Parler became popular for conservatives after Twitter and Facebook continued to block or label posts made by President Trump. There was an outcry of censorship, and Parler filled that need. In truth, the platform was full of disinformation, hate speech and calls for violence. Not only was the information not censored, it also wasn’t well-protected. Initially, rumors said the site was hacked by exploiting a vulnerability in the site’s 2FA. While that eventually played a part when Twilio dropped their partnership with Parler, the real problem is that Parler lacked even the most basic security measures. The URLs of posts were even ordered by number, chronologically, which would have allowed for automated scraping.
What this means is that Parler wasn’t actually hacked. Someone noticed a hole and used it. Only public information was downloaded like posts, pictures and video. While some of those may have been deleted or shared privately, it was still accessible. What was not accessed was personal information like email addresses, credit card information or phone numbers, unless a user posted that information themselves.
So, what does this really mean? It’s not technically a hack, so could the group responsible be charged or not? Nothing personal was taken, the theft wasn’t done in secret (the person who started it kept updates on Twitter, where she later asked for help when Amazon said Parler was going to be taken down) and it’s information law enforcement will want to get their hands on when it’s made public.
Speaking of law enforcement, the courts are going to have a hayday trying to figure out if that information can be used as evidence. It wasn’t obtained by law enforcement in an illegal way, it will be public when they get it, someone else is responsible for that. But not all public information is admissible in court, just like not all stolen information is inadmissible, so it’s very likely going to be a judge’s decision.
The thing to take away from this is what can happen when you don’t have security. Many small and medium-sized businesses don’t employ any information security practices, and this is the danger they will run into. The difference for a small business is that a breach will likely turn up some sensitive information and then they’ll be on the hook for compliance fines, customer reparations, legal fees and loss of business which may put them out of business. Don’t be Parler. Secure your business, bring in an expert and tighten the hatches. Your business surely depends on it.