On Tuesday, Twitter was abuzz with rumors of a hack of the social media platform Parler, favored by conservatives and allies of President Donald Trump. A screenshot of stolen files was posted and reposted as truth. But there was no hack of Parler. The screenshot was, by all appearances, spurious.
But in the midst of the rumors, an actual breach of Parler users' data did occur, when a third-party vendor's misconfigured cloud server was exploited by hackers, who say they grabbed significant user data. Parler, which is booming among right-wing users disenchanted with the big social networks and their approach to content moderation, has cited its privacy and security as a key differentiator.
Parler disputes the claims, and says only user profile pictures were exposed – and blames the vendor for the episode. But the vendor, who was fired by Parler over the incident, says entire user posts with names, content, and photos were swiped.
Here's how it all started. On Tuesday morning, Twitter users began sharing supposed proof of a Parler hack. Researchers quickly knocked down the claims, in part because they inexplicably showed a page from popular blogging platform WordPress as supposedly organizing the site's files.
But one of the Twitter users who saw the fake "proof" of a hack going around was Aubrey Cottle, founder of infamous hacker group Anonymous. He says he had previously discovered misconfigured cloud servers holding data from several companies including Parler, but was waiting for the right time to actually access that information.
"I felt this was the best time to pull the trigger on my findings for maximum impact," he messaged Business Insider on Wednesday.
Cottle tweeted of the real hacked data that "In total, there is approximately 6.3GB of user data from Parler in CSV format. The nature of this breach, however, is much more broad and involves hundreds of other properties as well."
Other researchers reviewed the data, and said it was significant. Security researcher John Jackson told Business Insider that passwords, photos, email addresses and "so much data it's not even funny" from several companies' users were included in the exposed data. Two other researchers who saw the data separately confirmed those findings to Business Insider.
But the researchers said the passwords in that data dump do not appear to be from Parler, and the company denies personal information was exposed.
Parler's CEO says that no personal information was leaked
Parler CEO John Matze initially denied that Parler had any security problems in a Tuesday interview with Fox News, telling the outlet that "all of our databases are hidden behind multiple layers of security and are not accessible via the web."
But that story changed. When reached by Business Insider on Wednesday, Matze confirmed that an email vendor for the social network had exposed data online, which he said he learned about Wednesday morning.
But he said he thought no private data from Parler users – which he said now number 11 million – was exposed, except profile pictures used in some of the emails.
"I think they got nothing about Parler users. The only thing they got was maybe any profile pictures of anybody that was in an email that we sent out to everybody. So it's public information anyway," Matze said.
Matze said he terminated Parler's contract with the email vendor, which he identified as digital marketing firm Political Media, of Washington, DC. Matze said Political Media was "using a home-built system. Originally we went with this company because they were a referral from somebody we knew."
Larry Ward, president of Political Media, disputed that. He called his operation "an enterprise-level, proprietary" content management system. He also gave a different account from Matze about Parler users' data being accessed.
"The breachers illegally accessed some of the website content" used to send out emails for his customers, Ward said. He said Parler users' posts – including names, profile pictures, and the content of their posts – were included in the data that was exposed and taken. Ward said what was taken, "as far as we know, was publicly available content." A digital forensics company is looking into the breach, he said.
But "publicly available" is a tricky phrase when referring to posts viewable by Parler's users, who intended them to remain on the platform. If you go to Parler's home page, you are asked to join in order to post and see content, and are advised that "Parler protects our community members' rights and privacy."
It appears to stem from a misconfigured Amazon Web Services server
So what Ward says was breached are the curated content of Parler's users, which were, researchers say, stored in a careless way in the cloud.
Researchers told Business Insider that an "open bucket" on the Amazon Web Services platform – what amounts to a poorly-configured cloud database – was exposing users' data.
While AWS provides companies with cloud infrastructure, it's largely up to customers themselves to ensure the security their files and servers. A misconfiguration in AWS was similarly the root of the big Capital One hack of 2019.
The researchers said the database appeared to include data from The Washington Examiner, among other organizations. Ward confirmed that The Washington Examiner is a customer, but declined to comment further about the news site.
The Washington Examiner did not immediately respond to a request for comment.
Researchers say the data contains personal information, but Parler's CEO insists otherwise
Researchers said the data, which was from multiple companies, was vast and did include personal information. Cottle detailed those findings in messages to Business Insider, stating that he found personal identifying information that appeared to be drawn from a backup of the domain news.parler.com.
Cybersecurity researcher Chris Vickery told Business Insider on Wednesday that it all seems to come from that backup, saying that he discovered the data published on the open internet in September.
Parler's CEO, for his part, steadfastly denied any personal data related to his site was exposed.
Parler CEO Matze said the Twitter uproar was due to users' "wishful thinking, and then everybody confirms the bias that they wish would be true." He said people cheered news of a Parler hack due to "negative press," which he said is "not telling the true story of what we're trying to do" by providing a platform free of the type of content moderation that marked Twitter and Facebook's approach during the election and before.
Matze said he feels "very confident" about Parler's security. "Obviously you can't be 100% certain, but I feel very confident. Especially when it comes to personal identifiable data."