Hackers Scrape 90,000 GETTR User Emails, Surprising No One

Just days after its launch, hackers have already found a way to take advantage of GETTR's buggy API to get the username, email address, and location of thousands of users.
July 6, 2021, 3:06pm
donald-trump
Image: James Devaney/GC Images
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Hackers were able to scrape the email addresses and other data of more than 90,000 GETTR users.

On Tuesday, a user of a notorious hacking forum posted a database that they claimed was a scrape of all users of GETTR, the new social media platform launched last week by Trump’s former spokesman Jason Miller, who pitched it as an alternative to "cancel culture." The data seen by Motherboard includes email addresses, usernames, status, and location. 

Advertisement

One of the people whose email is in the database confirmed to Motherboard that they are indeed registered to GETTR. Motherboard also verified the database by attempting to create an account with three email addresses that appear in the database. When doing that, the site displayed the message: "The email is taken," suggesting it's already registered. 

It's unclear if the database contains the usernames and email addresses of all users on the site. 

Alon Gal, the co-founder and CTO of cybersecurity firm Hudson Rock, found the forum post with the database. 

Gal argued that this incident should be considered a data breach.

"When threat actors are able to extract sensitive information due to neglectful API implementations, the consequence is equivalent to a data breach and should be handled accordingly by the firm and to be examined by regulators," he told Motherboard in an online chat. 

GETTR did not immediately respond to a request for comment sent to an email address displayed on the app's Google Play page. 

Have you found any bugs or other security issues with GETTR? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr and Wire, or email lorenzofb@vice.com

GETTR's rollout hasn't exactly been smooth. On July 4, the day of the site' official launch, a hacker broke into and defaced some of the site's most prominent users, including its founder Jason Miller, former CIA director Mike Pompeo, former Trump advisor Steve Bannon, and pro-Trump congresswoman Marjorie Taylor Greene, as first reported by Insider.

The hacker told Insider that he targeted the site "just for fun" and that it was "easy" to hack. 

Advertisement

"They should not publish the website before making sure everything, or at least almost everything, is secure," he said. 

On the day of its launch, security and privacy researchers warned that GETTR's API was poorly programmed and had several bugs. One of them made it possible for someone to figure out whether a given person is on GETTR. Another bug exposed a user's list of muted and blocked accounts, according to former FTC chief technologist Ashkan Soltani.  

Last week, cybersecurity reporter Zack Whittaker predicted that someone would soon scrape all the website's content. For now, no one has scraped all the content on the site—at least that we know—but tens of thousands of GETTR users have now had their email addresses exposed. 

UPDATE, Wed. July 7, 10:00 a.m. ET: After this story was published, Jason Miller, the CEO of GETTR, issued a statement: “GETTR does not request personal, identifying information for new users and, unlike other social media platforms, we are not interested in selling any data about our users.”

“Additionally, Tuesdaty’s reports make it sound as though there was a new intrusion,” the statement continued. “That is inaccurate. The brief intrusion that happened Sunday morning was quickly rectified. While the problem has already been addressed, GETTR takes cybersecurity seriously and has undertaken another round of security testing by a ‘white hat’ security firm to ensure safety.”

Subscribe to our cybersecurity podcast, CYBER.