General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMore on the Parler Hack. (Miscellaneous chaos)
Parler has been compromised. DM's as well as SSN's and other ID leaked (twitter.com/kevinabosch)
4 points by fooey 37 minutes ago | hide | past | favorite | 6 comments
fooey 36 minutes ago []
Here's an additional source with an ENV dump
Link to tweet
reply
slondr 21 minutes ago []
Am I missing something? I don't see anything about SSNs here
reply
newacct583 10 minutes ago []
Someone posted a link to a Parler influencer agreement document which said they would ask for things like government IDs. It's entirely unclear if they ever took that data or if was available via this database. But... yeah, this is the whole Parler site it looks like.
reply
ev1 25 minutes ago. []
Why in the absolute fuck is Parler requesting any form of PII/PCI data?
reply
fooey 22 minutes ago. []
For "Verified" accounts
reply
https://news.ycombinator.com/item?id=25203846
Link to tweet
Text: BREAKING: There was just a #parlerhack, this was publicly available and unencrypted on their public API endpoint. Not sure what they've changed yet, although expect a ton of data shortly, we will post updates. #ParlerLeaks
Link to something called an ENV Dump (DU computer and tech experts needed here!)
https://archive.ph/Mll5H
Sample from the ENV Dump:
# Database Configuration
define( 'DB_NAME', 'wp_parler' );
define( 'DB_USER', 'parler' );
define( 'DB_PASSWORD', 'hIP9PEV6u1GXfG4F8jEA' );
define( 'DB_HOST', '127.0.0.1' );
define( 'DB_HOST_SLAVE', '127.0.0.1' );
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
$table_prefix = 'wp_';
# Security Salts, Keys, Etc
define('AUTH_KEY', '@,*9_voP3sKC3z&&P}[(-h2#UOM_0]*[02%]MW:h7}L,G.IN1j@bKY0ohOqH');
define('NONCE_KEY', 'E@V!WK#Z0h%ZRs5dRg?7!orCFbGAUWLXxf3|:55g(++`$CQVc53n7]U}}]ck5{;l');
define('AUTH_SALT', '+!5MfxQ7]x >FNiuS|/c:nX yG=ksoW)+jZbgjogXQar)*,&HY>{|*v8pBA;$|-w');
define('SECURE_AUTH_SALT', '+bq>0u,c^1#[7l1#|R+7-[;$iw>3sQ@N|^l>x7-eci(>}');
# Localized Language Stuff
define( 'WP_CACHE', TRUE );
define( 'WP_AUTO_UPDATE_CORE', false );
define( 'PWP_NAME', 'parler' );
define( 'FS_METHOD', 'direct' );
define( 'FS_CHMOD_DIR', 0775 );
define( 'FS_CHMOD_FILE', 0664 );
define( 'PWP_ROOT_DIR', '/nas/wp' );
define( 'WPE_APIKEY', 'a1495db2888c2a21d556a9d9d0617935fbb5be57' );
define( 'WPE_CLUSTER_ID', '151738' );
define( 'WPE_CLUSTER_TYPE', 'pod' );
define( 'WPE_ISP', true );
define( 'WPE_BPOD', false );
define( 'WPE_RO_FILESYSTEM', false );
define( 'WPE_LARGEFS_BUCKET', 'largefs.wpengine' );
octoberlib
(14,971 posts)datamining. Who in the hell would give this site their SSN ?
underpants
(182,950 posts)I thought it was strange when DU wanted a stool sample from but SSN? No way.
cwydro
(51,308 posts)Seems a very poor decision.
brooklynite
(94,792 posts)...when I set up my account, it was just the usual name and email address.
cwydro
(51,308 posts)I didnt know you were one of those who joined.
I was thinking of some others, but at any rate, thats good to hear that no one was giving SSN info etc.
These reports of a hack all seem to imply that people had to provide extensive personal info.
Mike 03
(16,616 posts)I've never been asked for my SSN by a website, never, not Amazon, Twitter, etc...
ace3csusm
(969 posts)Why in the absolute fuck is Parler requesting any form of PII/PCI data?
reply?
Because they are a russsian site ....
Mike 03
(16,616 posts)Two key areas of data compliance revolve around Payment Card Industry (PCI) and Personally Identifiable Information (PII). ... PII data includes such things as social security numbers, date of birth, personal health information, and other data that can identify an individual.
https://sherpasoftware.com/blog/finding-pci-pii-in-your-organization/
I didn't know either; I had to look it up.
gollygee
(22,336 posts)and they're giving their social security numbers out for a social networking site?
Blue_true
(31,261 posts)They are screwball that got their asses in a sling now.
ego_nation
(123 posts)Without question.
Eugene
(61,965 posts)would come for a site with social security numbers.
turtleblossom
(504 posts)Did they forget to chmod something????
If the IP hosting address was given, one could determine who's hosting this website.
BumRushDaShow
(129,662 posts)chmod 777 so they could get around easily.
Ms. Toad
(34,117 posts)BigmanPigman
(51,642 posts)but it really is like Russian to me. Can someone explain this like you're are speaking with a three year old since that is my level of tech lingo.
Brother Buzz
(36,478 posts)Parler has a direct link to the defunct Cambridge Analytica founded by Robert Mercer for the sole purpose of data mining. Mercer's daughter started Parler, and undoubtedly used a bootleg copy of Cambridge Analytica's software.
BigmanPigman
(51,642 posts)Thank you...
abqtommy
(14,118 posts)freedumb to go maskless since the virus is a hoax? Yeah, there's definitely a hoax involved
but it's not the virus!