Hackers managed to scrape data from the new social medium Gettr, which was set up by former employees of Donald Trump’s campaign. The company’s API was poorly secured and could be used to scrape email addresses of nearly 90,000 users.
Security researcher Alon Gal discovered the dump of data on a forum. It would contain data from more than 85,000 users of Gettr , a new social network founded by Jason Miller, an adviser to former President Donald Trump. Users can post short messages, with which Gettr presents itself as a counterpart to Twitter.
The data dump was compiled by querying the network’s api. In this way, the names and e-mail addresses behind usernames could be traced. Gal himself says that it is not so much a data breach, but a wrong implementation of the api.
Later, however, other hackers found more information from network users, who came from a different, poorly secured api. It was also possible to request e-mail addresses behind accounts, along with much more information that is otherwise publicly available, such as dates of birth, profile descriptions, avatars, background photos, websites and various dates from Gettr itself.
Gettr says the incident is being exaggerated. On Twitter, the medium states that it was just one infringement that was discovered shortly afterwards and has been repaired. The network says it ‘takes cybersecurity seriously’ and that it has therefore engaged a security company.
