Cyber Incident Victim: Parler
Date:
Jan 2021
Location:
United States of America
Summary
A right-wing social media platform was taken offline following a significant data breach where hackers exploited an internal web address to download all user content, including messages, images, videos, location data, and previously deleted posts. The attackers implemented a crowdsourced effort to archive the data before the platform's hosting termination, processing it for public release on an internet archive accessible to researchers and law enforcement. This breach raised concerns among users about potential doxxing, personal accountability, and real-world repercussions due to exposed activities. The platform's CEO indicated extended downtime due to difficulties securing alternative hosting services after widespread provider rejections.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Parler social media platform was taken offline on January 11, 2021, following Amazon Web Services' decision to terminate its hosting services. Prior to this shutdown, an unidentified hacker operating under the alias "Crash Override" discovered an internal web address that provided unrestricted access to Parler's user data. This vulnerability enabled the systematic downloading of all content posted to the platform, including user messages, images, videos, and associated location metadata. Notably, the archive contained posts that users had attempted to delete, as Parler's systems only marked content as hidden rather than permanently erasing it from servers. The hacker initially worked independently to extract this data but accelerated efforts through crowdsourcing after Amazon announced its impending service termination. A publicly shared list of post identifiers allowed multiple participants to assist in downloading approximately 70 terabytes of content before Parler went offline. The archive included material posted during the January 6, 2021 Capitol attack, with processing underway to upload the complete dataset to the Internet Archive for public access.
The data breach generated significant concern among Parler users, particularly within pro-Trump communities that constituted the platform's primary user base. A Telegram channel associated with the North Central Florida Patriots warned members about potential mass doxxing, employment consequences, and physical safety risks stemming from the exposure of personal information and location data. Concurrently, Parler CEO John Matze acknowledged operational challenges in securing alternative hosting, contradicting earlier estimates of a one-week outage by stating the platform would remain offline longer due to widespread refusal of service by potential providers. The archived Parler data became accessible to open-source investigators, journalists, and law enforcement agencies, creating permanent public documentation of user activity. Platform administrators implemented no publicized containment measures prior to or during the breach, with the takedown resulting exclusively from Amazon's infrastructure removal rather than internal security remediation efforts.