The hackers reportedly leveraged an unsecured API to scrape the users’ public profile data, which was later posted on a hacking forum. The API in question has since been secured. The hackers also discovered another API that was used to scrap further information. The scrapped information included email addresses, nicknames, profile name, birth year, profile descriptions, avatar URL, background images, location, personal website, and other internal site data. The platform has had a turbulent start after users were unable to sign up smoothly after it was compromised during the July 4 launch. The severity of the hack was evident after it emerged some of the platform’s popular and verified accounts were compromised. Accounts belonging to Mike Pompeo, Steve Bannon, Marjorie Taylor-Greene, Harlan Hill, Sean Parnell were also affected. All the affected account’s profiles were changed to show the same message: “@JubaBaghdad was here :).” The majority of the profiles later returned to their previous state. The hacker reportedly claimed that the hack was for fun and carrying it out was easy from a technical standpoint.
Experts warning
Interestingly, on the day of the platform’s launch, security experts warned that GETTR’s API was poorly programmed with several bugs. Former Donald Trump spokesperson Jason Miller founded GETTR as an alternative to Twitter. GETTR carries similar features to Twitter like the trending section, follow other accounts, like posts, and upload pictures and videos. The apps for the site are available for download on Play Store and App Store. The launch followed Trump’s early 2021 Twitter suspension. Besides Twitter, Trump was also suspended on Facebook and YouTube. In response, the former U.S. President is now suing the companies and their respective executives. According to Trump, the tech giants have violated his First Amendments rights. [robinhood]
