The data of almost 90,000 members of GETTR was compromised when hackers abused an unsecured API, scraped data, and shared it on a hacker forum.
GETTR is a new social media platform created by Jason Miller, a former Trump advisor and spokesman. It is designed to replace Twitter after the popular social media platform restricted Donald Trump’s account.
A group of hackers scraped the data of 87,973 GETTR members through an unencrypted API.
After compiling the information, the hackers published it to a well-known forum widely used by groups to share stolen databases.
One of the hackers said they used an unsecured API to scrape the public profile data of some GETTR users, but it was later secured. Other members of the hacking forum then discovered another unsecured API that allowed unauthorized access to members' private information, such as private email addresses and birth years.
From the data that BleepingComputer saw, the hackers collected various details about GETTR users: a member’s email address, nickname, profile name, birth year, profile descriptions, avatar URL, background images, location, personal website, and other internal site data.
Some of the leaked information, such as email address, location, and birth year, is not publicly available and is visible only to the owner of the GETTR profile.
Attackers can use such information to conduct targeted phishing attacks that gather additional sensitive information, such as passwords.
All users of GETTR should be on the lookout for fraudulent emails that claim to be from the platform. These emails may ask for your credentials and provide a link to enter them, but you should do so only after verifying that the email indeed came from GETTR.