Posted on July 8, 2021 at 6:02 PM

GETTR Suffers Another Blow As Hacker Steals Details of 90,000 Users

Recent reports revealed that threat actors have reportedly stolen the information and email addresses of about 90,000 Gettr users.

This has contributed to the rough start the pro-Trump social media platform is suffering. The platform has already been the target of other forms of nuisances, including pornographic images, memes, and hacks.

The hacker allegedly responsible for the incident posted a database to an online forum and claimed to have scraped the details from accounts of several Gettr users. The data, examined by Motherboard, contains usernames, locations, statuses, and email addresses.

The stolen data has been verified

Motherboard also confirmed the data, noting that it has connected one of the emails on the darknet forum to an account registered with Gettr.

Also, it tried setting up new Gettr accounts with some of the emails and got messages that the emails were already registered.

However, it hasn’t been proven whether the database has the details and email addresses of all the registered users on the site. The stolen data was first discovered by the chief technology officer of Hudson Rock, Alon Gal.

According to him, the hackers took advantage of the poor API the Gettr social media platform implemented. It enabled the hackers to scrape names, bios, usernames, and birthdays from the site. Generally, the emails were kept private, but the exposure on the darknet has placed the affected users at risk of further exploitation.

Gettr was launched officially on July 4, but it seems the operators were not yet prepared as it left several security flaws for hackers to exploit.

The social media platform was launched by Jason Miller, Trump’s former spokesperson. According to him, the platform is an alternative to “cancel culture.” Unfortunately, threat actors were waiting for the site to go live before pouncing. They exploited the vulnerability and got what they want.

As a result of the bug, the threat actors were able to verify users’ accounts, which included the likes of Newsmax, mike Pompeo, Marjorie Taylor-Greene, and Steve Bannon.

The user who posted the data stated that Gettr was able to fix the initial vulnerability he exploited in the attack. However, he said it was still possible to scrape user data from individual accounts.

When contacted for a response to the incident, Gettr did not immediately respond to the request on the email breach.

The recent attack shows that hackers are prepared to pounce on a new site and explore for vulnerabilities. It’s a reminder that site developers need to carry out a comprehensive analysis of the risk situation before making the site go live.

Site attacked shortly after launch

Gettr’s launch has been marred by series of issues. Soon after the site was rolled out, a threat actor infiltrated the system and defaces some of the most important users of the site, including Jason Miller.

The hacker stated that he targeted the site just for fun, adding that it was very easy to target and infiltrate.

He advised that the developers should not launch the site if they had not made sure everything is set.

Security researchers also warned that Gettr’s API was not properly programmed. They complained that the site is loaded with bugs that can allow hackers to exploit and steal information.

Last week, Zack Whitaker, a cybersecurity reporter, stated that someone may scrape all the platform’s website content. While no one has been able to scrape all the contents on the site, the emails of tens of thousands of its users have now been exposed.

Jason Miller, who is Gettr’s Chief Executive Officer, has commented on the incident. He stated that Gettr doesn’t collect personal information from users when they are registering their accounts.

“Unlike other social media platforms, we are not interested in selling any data about our users,” he added.

Miller stated that the platform does not take cybersecurity likely and has taken additional measures to protect the accounts of its users.