HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » General Discussion (Forum) » More on the Parler Hack. ...

Tue Nov 24, 2020, 06:23 PM

More on the Parler Hack. (Miscellaneous chaos)



Parler has been compromised. DM's as well as SSN's and other ID leaked (twitter.com/kevinabosch)
4 points by fooey 37 minutes ago | hide | past | favorite | 6 comments

fooey 36 minutes ago [–]

Here's an additional source with an ENV dump



reply


slondr 21 minutes ago [–]

Am I missing something? I don't see anything about SSNs here
reply


newacct583 10 minutes ago [–]

Someone posted a link to a Parler influencer agreement document which said they would ask for things like government IDs. It's entirely unclear if they ever took that data or if was available via this database. But... yeah, this is the whole Parler site it looks like.
reply


ev1 25 minutes ago. [–]

Why in the absolute fuck is Parler requesting any form of PII/PCI data?
reply


fooey 22 minutes ago. [–]

For "Verified" accounts
reply



https://news.ycombinator.com/item?id=25203846




Text: BREAKING: There was just a #parlerhack, this was publicly available and unencrypted on their public API endpoint. Not sure what they've changed yet, although expect a ton of data shortly, we will post updates. #ParlerLeaks

Link to something called an ENV Dump (DU computer and tech experts needed here!)

https://archive.ph/Mll5H

Sample from the ENV Dump:

# Database Configuration
define( 'DB_NAME', 'wp_parler' );
define( 'DB_USER', 'parler' );
define( 'DB_PASSWORD', 'hIP9PEV6u1GXfG4F8jEA' );
define( 'DB_HOST', '127.0.0.1' );
define( 'DB_HOST_SLAVE', '127.0.0.1' );
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');
$table_prefix = 'wp_';

# Security Salts, Keys, Etc
define('AUTH_KEY', '@,*9_voP3sKC3z&&P}[(-h2#UOM_0]*[02%]MW:h7}L,G.IN1j@bKY0ohOqH');
define('NONCE_KEY', 'E@V!WK#Z0h%ZRs5dRg?7!orCFbGAUWLXxf3|:55g(++`$CQVc53n7]U}}]ck5{;l');
define('AUTH_SALT', '+!5MfxQ7]x >FNiuS|/c:nX yG=ksoW)+jZbgjogXQar)*,&HY>{|*v8pBA;$|-w');
define('SECURE_AUTH_SALT', '+bq>0u,c^1#[7l1#|R+7-[;$iw>3sQ@N|^l>x7-eci(>}');


# Localized Language Stuff

define( 'WP_CACHE', TRUE );

define( 'WP_AUTO_UPDATE_CORE', false );

define( 'PWP_NAME', 'parler' );

define( 'FS_METHOD', 'direct' );

define( 'FS_CHMOD_DIR', 0775 );

define( 'FS_CHMOD_FILE', 0664 );

define( 'PWP_ROOT_DIR', '/nas/wp' );

define( 'WPE_APIKEY', 'a1495db2888c2a21d556a9d9d0617935fbb5be57' );

define( 'WPE_CLUSTER_ID', '151738' );

define( 'WPE_CLUSTER_TYPE', 'pod' );

define( 'WPE_ISP', true );

define( 'WPE_BPOD', false );

define( 'WPE_RO_FILESYSTEM', false );

define( 'WPE_LARGEFS_BUCKET', 'largefs.wpengine' );


21 replies, 2659 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 21 replies Author Time Post
Reply More on the Parler Hack. (Miscellaneous chaos) (Original post)
Mike 03 Nov 24 OP
octoberlib Nov 24 #1
underpants Nov 24 #2
cwydro Nov 24 #3
brooklynite Nov 24 #9
cwydro Nov 24 #15
Mike 03 Nov 24 #4
ace3csusm Nov 24 #5
Mike 03 Nov 24 #6
gollygee Nov 24 #7
Mike 03 Nov 24 #8
Blue_true Nov 24 #18
ego_nation Nov 24 #19
Eugene Nov 24 #10
turtleblossom Nov 24 #11
BumRushDaShow Nov 24 #14
Ms. Toad Nov 24 #12
BigmanPigman Nov 24 #13
Brother Buzz Nov 24 #20
BigmanPigman Nov 24 #21
abqtommy Nov 24 #16
LeftInTX Nov 24 #17

Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:27 PM

1. Cambridge Analytica people who are running this for the Mercers are

datamining. Who in the hell would give this site their SSN ?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to octoberlib (Reply #1)

Tue Nov 24, 2020, 06:29 PM

2. Thank you

I thought it was strange when DU wanted a stool sample from but SSN? No way.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to octoberlib (Reply #1)

Tue Nov 24, 2020, 06:30 PM

3. I hope those posting here bragging about joining that site to stir shit have not done so.

Seems a very poor decision.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cwydro (Reply #3)

Tue Nov 24, 2020, 06:34 PM

9. I don't think anyone here was considered an "influencer" over there...

...when I set up my account, it was just the usual name and email address.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to brooklynite (Reply #9)

Tue Nov 24, 2020, 06:44 PM

15. Well, that's good to hear.

I didn’t know you were one of those who joined.

I was thinking of some others, but at any rate, that’s good to hear that no one was giving SSN info etc.

These “reports” of a hack all seem to imply that people had to provide extensive personal info.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to octoberlib (Reply #1)

Tue Nov 24, 2020, 06:30 PM

4. Isn't that crazy?

I've never been asked for my SSN by a website, never, not Amazon, Twitter, etc...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:30 PM

5. My only though is that its a russian site collecting data....

Why in the absolute fuck is Parler requesting any form of PII/PCI data?
reply?

Because they are a russsian site ....

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:32 PM

6. "What is PCI and PII data?" - Answered

What is PCI and PII data?
Two key areas of data compliance revolve around Payment Card Industry (PCI) and Personally Identifiable Information (PII). ... PII data includes such things as social security numbers, date of birth, personal health information, and other data that can identify an individual.


https://sherpasoftware.com/blog/finding-pci-pii-in-your-organization/

I didn't know either; I had to look it up.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:32 PM

7. These are the kinds of people who won't give a phone number to a restaurant for contact tracing

and they're giving their social security numbers out for a social networking site?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to gollygee (Reply #7)

Tue Nov 24, 2020, 06:33 PM

8. ...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to gollygee (Reply #7)

Tue Nov 24, 2020, 06:51 PM

18. Who said that their decision-making made any sense?

They are screwball that got their asses in a sling now.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to gollygee (Reply #7)

Tue Nov 24, 2020, 06:54 PM

19. Remember they'll trust anything that is a part of their own tribe.

Without question.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:36 PM

10. Gee. I don't think anybody could have predicted that these hackers

would come for a site with social security numbers.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:38 PM

11. Looks like a site built with WordPress

Did they forget to chmod something????

If the IP hosting address was given, one could determine who's hosting this website.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to turtleblossom (Reply #11)

Tue Nov 24, 2020, 06:43 PM

14. Maybe left it at

chmod 777 so they could get around easily.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:39 PM

12. Why would there be SSNs on Parler??? n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:41 PM

13. I wish I understood one word of this

but it really is like Russian to me. Can someone explain this like you're are speaking with a three year old since that is my level of tech lingo.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to BigmanPigman (Reply #13)

Tue Nov 24, 2020, 06:58 PM

20. It's not Russian, but domestic skulduggery

Parler has a direct link to the defunct Cambridge Analytica founded by Robert Mercer for the sole purpose of data mining. Mercer's daughter started Parler, and undoubtedly used a bootleg copy of Cambridge Analytica's software.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Brother Buzz (Reply #20)

Tue Nov 24, 2020, 07:03 PM

21. I actually understood that!

Thank you...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:46 PM

16. Are these people being hacked on Perilous Parler the same people concerned with their

freedumb to go maskless since the virus is a hoax? Yeah, there's definitely a hoax involved
but it's not the virus!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Mike 03 (Original post)

Tue Nov 24, 2020, 06:50 PM

17. I don't think it's real

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread