Hacker exposes 99% of Parler messages and posts, including location data
January 13, 2021
By Kim Komando
To say Parler has had an eventful week would be the understatement of the year. First, Apple and Google booted it from their app stores. Then, an Amazon subsidiary deactivated the app, so you can’t find it anywhere.
Now, Parler is suing Amazon in retaliation. And if that weren’t enough, we’ve got some news that could make any former Parler users squirm in their seats. Before the site went dark, hackers swooped in and collected huge swaths of user data.
Then, they plopped down 70 terabytes of user information online. You can see every Parler post made during the Capitol riots. You can also find detailed user data — including videos and images with geolocation information.
If you were a Parler user, now anyone can see what you posted
Any personal information you posted to Parler is now up for grabs on the web. There’s no way to take it down. After all, it’s not like you can log in to your Parler account — by now, the whole app is toast.
Twitter user @donk_enby, who first announced the enormous data scrape, says it’s all for archival purposes. She also collected URLs of all videos uploaded to Parler. Here’s the link to metadata from all 30 terabytes of Parler videos.
Bottom line: If you uploaded any photos or videos to Parler, your data security is at risk. The hacker released unprocessed raw files as they were uploaded to Parler, including all the associated metadata.
Not sure what that means? Basically, online images have a whole host of secret data, which can be retrieved with the help of forensic tools.
A tenacious researcher can find the date and time of image capture, what time zone the photographer was in and even what type of smartphone was used. They could also find the geographical location the image was taken, including longitude and latitude. Tap or click here to see how people can retrieve your photo’s hidden data.
Since this information is now up for grabs by anyone on the internet, former Parler users are at a serious safety risk. Even if you never used the Twitter alternative, you can still learn a lot from this data leak.
Here are some big takeaways
Lesson number one: Never trust that the social media site you’re using is entirely safe. Even huge companies like Instagram have been busted for shady behavior. A while ago, iOS 14 exposed Instagram for activating users’ cameras without permission.
Creepy, right? Remember that you’re always taking a chance when using social media. Sure, some sites can be fun, but they’re also a gamble. Read through the privacy policy and make sure your data is safe.
If not, then look to lesson number two: Never post anything you don’t want to be exposed to the world. It’s easy to lose yourself in the false security of anonymity, but talented hackers can shatter that illusion like a hammer in a mirror.
If you’re worried about data breaches, follow these steps:
- Check HaveIBeenPwned to see if your data was found in a breach: Use a security checkup service like HaveIBeenPwned to see if your account email address was involved in any major data breaches. If your account was part of the leak, it’s time to change any passwords associated with that email address for any accounts that use it.
- Stronger passwords: Create stronger passwords for your accounts by combining letters (uppercase and lowercase), numbers and symbols. Make your passwords eight characters or longer, too. Try using a memorable phrase or song lyric and swapping letters for numbers. Tap or click here to see how to craft stronger passwords.
- Set up two-factor authentication: Activate 2FA on your accounts to give your data an extra bit of protection. Any login attempts will now require a text message or code to work. This means that your physical smartphone is now required to log in. Plus, you’ll be alerted when someone attempts to log in to your account without your permission. Tap or click here to set up 2FA for your favorite sites.
And last but not least, it might be worth making the switch to a private search engine. Sites like DuckDuckGo do not save your session information and make using the web much less creepy. Tap or click here for details on DuckDuckGo and other Google alternatives.
Another option you can take advantage of is a secure password manager
It can be tricky having to remember all of your different passwords. This is especially true when you have a 20-character code with multiple symbols and capital letters thrown in.
That’s why a password manager is so useful.
https://www.komando.com/tips/cybersecurity/parler-messages-exposed/