GETTR leaks email addresses and user details in API security snafu
A hacker has leaked non-public information from GETTR, a new social media platform launched by members of Donald Trump's team earlier this month.
The data was collected in two batches, on July 1 and July 5, and dumped on a publicly accessible hacking forum known as RAID, a place where hacked data has often been made available for download for free.
According to copies of the leaked file and the leaker's claims, the first batch of the stolen data was collected by scraping the site, while the second and bulkier batch was assembled by abusing unprotected GETTR API endpoints.
Samples analyzed by The Record earlier today included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user's email address, birth year, and location information.
A sample of the leaked data seen by The Record included the following header fields:
udate, _t, _id, nickname, email, username, ousername, birthyear, dsc, status, pinpsts, cdate, lang, ico, bgimg, location, website, flw, flg, lkspst, lkscm, shspst, blocked, muted
The leaked data was authentic, according to checks performed by The Record. Requests for comment sent to two generic email addresses listed on the official GETTR website were not returned.
In total, data for 90,065 users was included in a file shared on RAID on Monday, July 5.
News of the API leak comes after the site got off to a bumpy launch. On July 4, a hacker breached the GETTR site and defaced multiple accounts for high-profile Republican figures, including those of former Secretary of State Mike Pompeo, Georgia Rep. Marjorie Taylor Greene, former Trump campaign chief Steve Bannon, and Jason Miller, the former Trump spokesperson and Gettr's founder, according to a report from The Wrap.
Jason Miller's new right-wing social media site "Gettr" was hacked this morning. pic.twitter.com/cncddw9RZ9 — Zachary Petrizzo (@ZTPetrizzo) July 4, 2021
Bumpy site launches are a common occurrence, and incidents like these have impacted many other services before, especially those serving the far-right US political scene.
Gab, another pro-Trump social media platform, also suffered a similar breach that exposed its members' data in March this year.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.