Parler exposed user data due to bad coding mistakes. Facepalm!

Exposing the Riot — Parler API Mistakes

James Woodall
The Startup
10 min read · Jan 16, 2021

Don’t be an amateur. Protect your customer data

The January 6th Storming of the United States Capitol was a horrifying experience. The attempt to overturn the election and the violence that followed was something that the entire world tuned into.

Tear gas deployed around US Capitol
By Tyler Merbler from USA — DSC09523–2, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=98637510

In the days that followed, the “Free Speech” (not “Free from Consequence”) platform Parler was removed from the App Stores and had its hosting suspended by Amazon AWS.

Parler was a Twitter clone that encouraged “free speech”. Users were able to write whatever they wanted to their followers without fear of being blocked by the Parler moderators.

Many thousands of people used this platform to plan, organise, broadcast and support the attack on the Capitol.

But Parler had a secret. Its API, the gateway to the content hosted there, had several major flaws. Twitter user @donk_enby was able to download the entire Parler database (70 Terabytes), containing:

  • All Public Posts
  • All Photos / Videos Posted
  • GPS Locations of users
