How Did The Parler Hack Happen? WordPress Security Issues Lead the Way

Parler, the Twitter rip-off that served as one of the main organizing tools for the Donald Trump fanatics who stormed the U.S. Capitol on Jan. 6, has been largely offline for more than a week. But even in suspended animation, the preferred online home for QAnon, the Proud Boys, and other elements of the American far-right is still creating trouble.

Decisions by Amazon, Apple, and Google to quit hosting the site and forbid mobile users to download the app have triggered cries of Big Tech censorship. First Amendment and internet regulation politics aside, the way Parler gushed data on its way out the door raises serious cybersecurity questions as well as worries about whether other players on the internet have data breaches in their future.

Though it’s impossible to verify without peeking under Parler’s hood—a task now impossible since the website is offline—the prevailing narrative is that a Parler security flaw (or flaws) allowed a white-hat hacker to download and archive all of Parler’s user data shortly before Amazon Web Services pulled the plug on hosting the site. Among the data presented for the public (and law enforcement) to access included, in some cases, potentially incriminating location data.

Parler relied on Worpress, the world’s most-used content management system. That has led to speculation that WordPress was part of the flaw and that anyone else using WordPress was in danger. However, according to a general consensus of cybersecurity experts, including several contacted for this article, Parler’s data breach didn’t happen simply because Parler used WordPress. Instead, Parler’s user data leaked because CEO John Matze and the site’s architects left major flaws in Parler’s API, the link between Parler’s front-end and its user data.

See Also: Elon Musk Blames Facebook and Mark Zuckerberg For Capitol Riot

The “predominant belief” is “that Parler was a rushed, poor design buoyed by right-leaning investors to become pretty large before they really had built a solid foundation, technologically speaking,” Andrew Zolides, a professor of communications at Xavier University who teaches courses in digital design told Observer. (Among…