Social media platform GETTR has suffered a rather massive data ‘breach’ akin to LinkedIn. Two separate hackers have used simple data scraping tools to abuse the platform and collated information on more than 87,000 members.
GETTR is a new “pro-Trump” social media platform that former Trump advisor Jason Miller created. The micro-blogging network is a concerning mess with multiple defaced accounts of “verified” members.
Multiple details about GETTR members now openly available on a hacking forum:
Hackers have reportedly managed to collate information on 87,973 GETTR members. Alon Gal, co-founder and CTO of cybersecurity firm Hudson Rock has confirmed the information appears authentic.
Threat actors were able to take advantage of bad API implemented on Trump's recent social media platform, Gettr (@GettrOfficial).
This allowed them to extract usernames, names, bios, bdays, but most importantly, the emails which were supposed to be private, of over 85,000 users. pic.twitter.com/NsKyz9zHmQ
— Alon Gal (Under the Breach) (@UnderTheBreach) July 6, 2021
GETTR is quite new to the social media scene. The app went live in the Apple App Store and Google Play Store last month, but exited beta yesterday, on the American Independence Day.
The platform gained popularity after multiple social media platforms banned Mr. Donald Trump after he was ousted by Joe Biden. The ex-President of the United States has found several supporters on GETTR. In fact, several social media users have already labeled the platform pro-Trump.
View this post on Instagram
It now appears a group of hackers discovered and abused an unsecured Application Programming Interface (API). The API exploitation allowed them collect or “scrape” information on 87,973 GETTR members.
After compiling the information, the hackers published the data on a well-known hacking forum that regularly hosts databases stolen during data breaches.
Hackers steal info of 90,000 users on Jason Miller's Gettr social network https://t.co/uaFxiuOpzD
— The Daily Beast (@thedailybeast) July 6, 2021
Concerningly, another hacker reportedly found another unsecured API to scrape public profile data of GETTR users. It seems the platform’s creators have secured the API, but the damage seems to have been done.
#GETTR reaches #1 in the Google Play Store!!! pic.twitter.com/Jra2XrmM3N
— Jason Miller (@JasonMillerinDC) July 6, 2021
The data scraping incident has exposed a member’s email address, nickname, profile name, birth year, profile descriptions, avatar URL, background images, location, personal website, and other internal site data.
It is important to note that nearly all the information that appears in the “breach” is already in the public domain. However, a GETTR user’s profile, a user’s email address, location, and birth year aren’t openly available to all.
Several official ‘verified’ GETTR accounts vandalized:
Over the fourth of July weekend, hackers vandalized several official GETTR accounts. Some hackers managed to comprise the accounts and plastered irrelevant information.
Jason Miller's new right-wing social media site "Gettr" was hacked this morning. pic.twitter.com/cncddw9RZ9
— Zachary Petrizzo (@ZTPetrizzo) July 4, 2021
Reports also indicate the platform is flooded with fake accounts masquerading big tech giants. Incidentally, the platform is nearly identical to Twitter. GETTR’s creators clearly modeled the same on the micro-blogging network.
The platform encourages new users to use their Twitter handle in the sign-up process. GETTR even promises to bring over the Tweets of the new member, but the process is reportedly glitchy.