GETTR suffers data breach and multiple profiles defaced: Twitter clone data scraping leaves more than 87,000 user profiles exposed

GETTR
Twitter clone suffers massive data scraping as it exits beta. Pic credit: YouTube Screenshot/GETTR

Social media platform GETTR has suffered a rather massive data ‘breach’ akin to LinkedIn. Two separate hackers have used simple data scraping tools to abuse the platform and collated information on more than 87,000 members.

GETTR is a new “pro-Trump” social media platform that former Trump advisor Jason Miller created. The micro-blogging network is a concerning mess with multiple defaced accounts of “verified” members.

Multiple details about GETTR members now openly available on a hacking forum:

Hackers have reportedly managed to collate information on 87,973 GETTR members. Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock has confirmed the information appears authentic.

GETTR is quite new to the social media scene. The app went live in the Apple App Store and Google Play Store last month, but exited beta yesterday, on the American Independence Day.

The platform gained popularity after multiple social media platforms banned Mr. Donald Trump after he was ousted by Joe Biden. The ex-President of the United States has found several supporters on GETTR. In fact, several social media users have already labeled the platform pro-Trump.

 

View this post on Instagram

 

A post shared by Jason Miller (@jasonmillerindc)

It now appears a group of hackers discovered and abused an unsecured Application Programming Interface (API). The API exploitation allowed them collect or “scrape” information on 87,973 GETTR members.

After compiling the information, the hackers published the data on a well-known hacking forum that regularly hosts databases stolen during data breaches.

Concerningly, another hacker reportedly found another unsecured API to scrape public profile data of GETTR users. It seems the platform’s creators have secured the API, but the damage seems to have been done.

The data scraping incident has exposed a member’s email address, nickname, profile name, birth year, profile descriptions, avatar URL, background images, location, personal website, and other internal site data.

It is important to note that nearly all the information that appears in the “breach” is already in the public domain. However, a GETTR user’s profile, a user’s email address, location, and birth year aren’t openly available to all.

 Several official ‘verified’ GETTR accounts vandalized:

Over the fourth of July weekend, hackers vandalized several official GETTR accounts. Some hackers managed to comprise the accounts and plastered irrelevant information.

Reports also indicate the platform is flooded with fake accounts masquerading big tech giants. Incidentally, the platform is nearly identical to Twitter. GETTR’s creators clearly modeled the same on the micro-blogging network.

The platform encourages new users to use their Twitter handle in the sign-up process. GETTR even promises to bring over the Tweets of the new member, but the process is reportedly glitchy.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x