Security researchers say Amazon Web Services downloaded large amounts of information from the parlor before taking the service offline. The app, which has been popular with many supporters of US President Trump, has contained many posts, photos and videos since the January 6 attacks, and the social network has lost this information forever by multiple tech companies (including Google Play, Apple’s App Store and AWS). However, before this happened, security investigators claimed that 70 TB of data had been downloaded and leaked from a parlor being distributed online.
On Twitter, a researcher is going donk_enby Posted about extracting data from Parlor. According to them, a press release from Twilio, the B2B messaging provider, revealed the details of the parlor’s security partner, Okta, which also No contribution Parlor.
Coming soon Others found Parlor’s phone and email verification is no longer working and it is possible to create accounts in the parlor system as admin users. జ Reddit Post This is explained in more detail – in particular, a forgotten password link usually requires authentication. As the parlor’s communication tools did not work, researchers were able to bypass this and log into the accounts. If they can log into accounts with admin access, they can also create new accounts with admin access. These accounts were used to take data dump from the parlor By crowd sourcing here, Creating ‘Parlor tracker‘.
This has not been fully confirmed – there is no clear explanation as to whether these services have deteriorated, leading the parlor to compromise. It also mentioned a press release from Twilio that did not appear on the company’s press page. However, a huge amount of legitimate data is being shared – for security reasons researchers are likely to obscure the compromise.
However, in the opinion of the researchers, the data, including the deleted posts, were not deleted when the parlor posts were removed (according to their Twitter post), but the pointer to that post was removed. This is actually a very common practice in most cases, because the data is “inaccessible” to users for all practical purposes.
In the opinion of security researchers, video and image data still contain EXIF data (metadata such as time, date and location), and some other data verified account documents that they can collect – in the parlor, verified by uploading photos of their government IDs .
The researchers said the data could be used by law enforcement agencies to identify those involved in the Jan. 6 violence in Washington.