GETTR, the new social media launched by Trump advisor Jason Miller, has been hacked, with over 90,000 user locations and details exposed. Users also cannot delete their accounts.
A post on a forum on Tuesday showed that GETTR, which was only officially launched on July 4th, was hacked by “threat actors” who were able to scrape the user data of over 90,000 people. The data, which was accessed via exploiting “bad API” implemented on GETTR, did not include password hashes and data that could be used to log into accounts, but did include emails, usernames, and most worryingly, the location data of the users.
Threat actors were able to take advantage of bad API implemented on Trump's recent social media platform, Gettr (@GettrOfficial).
This allowed them to extract usernames, names, bios, bdays, but most importantly, the emails which were supposed to be private, of over 85,000 users. pic.twitter.com/NsKyz9zHmQ
— Alon Gal (Under the Breach) (@UnderTheBreach) July 6, 2021
Alon Gal, who discovered the forum post, told Vice that it should be considered a data breach, despite the absence of login information. “When threat actors are able to extract sensitive information due to neglectful API implementations, the consequence is equivalent to a data breach and should be handled accordingly by the firm and to be examined by regulators,” he said.
This is not the first time that GETTR has been hacked, with a hacker who claimed to live in Baghdad, Iraq, taking over many verified profiles on the site on launch day itself, changing their usernames to “@JubaBaghdad was here :), ^^free palestine^^.” The hacker told Business Insider that the hack was “just for fun,” and noted that it was quite “easy,” adding that GETTR should not have gone online “before making sure everything, or at least almost everything, is secure.”
After the news broke that GETTR was hacked, some may have wanted to remove their account from the site for security reasons. However, investigation into the site conducted by National File revealed that there was no direct way to delete a user account from GETTR. Unlike all other major social media platforms, there is no clear way to remove an account baked into the site – instead, the only option currently available is to request via a privacy email to delete all user data stored on their network. This then deletes the account as a side-effect, and also requires human intervention to do so.
National File was the first outlet to link GETTR with Miles Guo, a fugitive Chinese billionaire accused of corruption charges by the CCP who now claims to be a whistleblower against the communist regime, noting that many reviews for the site mentioned either himself or his organization, the New Federal State of China. Mainstream media later confirmed that Guo was involved in funding the site, with Politico claiming that the app had existed for a year as a Chinese-language social media network linked to his G-TV network.