Trump team social network Gettr hacked and 90,000 user emails exposed

There was also the key issue with the encryption being done client side, and the defacements.

Aren’t all “hacks” due to unforeseen consequences of “designing it that way”?

(Hack implies to me using the system in a way it was not intended.)

4 Likes

What everyone calls the Sarah Palin email hack consisted of selecting account recovery and putting in the required information. :man_shrugging:

9 Likes

Ah. Maybe I’m old-fashioned in not viewing “hack” as necessarily implying criminal behavior…or even technical proficiency for that matter. Some hacks are just having access to information people have put out there. Phishing, Vishing, etc. are all about getting people to divulge information they shouldn’t.

In this case, there are API errors, as well as doing code in unsafe ways, like exposing internal keys to clients. I would say taking advantage of either is most definitely a hack.

6 Likes

Well, the current group of programmers are a lot of people who got into the business because they were in school when the booms happened and thought it would be a nice way to earn money. Maybe not be the next Jeff Bezos, but earn a steady living. Just another office job.

This particular case seems to be due to those who worked on the product not really caring about the product, only in getting the money up front, doing enough to pass the bar, get paid, move on to the next client. Get hacked? Well, you shouldn’t have skimped and chosen the fast/cheap option.

Which kinda fits. The client and his toadies are also of the “get the money without having to deliver” mentality, so the only people who will work for them have the same approach. It’s grifters grifting the grifters.

13 Likes

Do we have a succinct idea of where the coders are even from? I’ve seen at least a couple of speculative mentions it looks like an outsourced code mill along the lines of: “So you can’t code, but want to develop a website”.

5 Likes

It puts the users on notice that, hey, you might not be anonymous and your racist/sexist/murderous screeds that got you kicked off other platforms could be discovered and tied to an email that might be tied to your name if you didn’t think to use a burner email. So, rather than being an escape from c̶a̶n̶c̶e̶l̶ ̶c̶u̶l̶t̶u̶r̶e̶ natural consequences of bad behavior, it was a vehicle for people to publicly reveal they engaged in bad behavior. So, likely took the wind out of their sails.

6 Likes

How about, “attractive to nazis”?

1 Like

Bold of you to assume any developers got paid. That’s not normally Trump’s M.O.

5 Likes

Well, hacks include things like social engineering, so for me it goes beyond using the system in ways not intended. Previous intrusions into the system seem like more obvious examples of hacking. And in this case, what was “intended” is a bit murky…

2 Likes

It’s like saying “shark-infested waters.” That’s where they live.

7 Likes

Why does his shadow look like a dick? …oh never mind…

2 Likes

Yes… hacking has been misconstrued by the press for ages…
maybe one day…

If I were to work for these louts, I would demand payment in advance. Which does fit in with the off-the-shelf sort of setup already tossed out as an idea.

4 Likes

Gettr got!

1 Like

Social engineering, or what people outside the industry may refer to as a con job (confidence game), is in fact also using the system in ways it was not intended. It’s a hack.

Perhaps wasn’t your point, but I was going to say I would call all of the ways Gettr got owned, to be hacks. Also wanted to point out it was more than just a poorly designed API, and while one might say it’s an easy intrusion to deface a website where they did the cryptographic hashing client side, it’s still a hack.

I find it encouraging on one level that all of these right wing social media sites they keep trying to stand up over a weekend are so poorly designed. There have been others like daily stormer, that are propped up by people that understand the technical issues, but at least they don’t have broad reach at the moment.

1 Like

Maybe some state group provided the setup, figuring it would save them hacking it later or planting people in the company?

3 Likes

"…includes email addresses, usernames, status, and location."

So what’s the real deal on Hitler; Where’s he been hiding?

3 Likes

Realistically, doing anything for Trump & Cronies without getting paid up front is asking to get stiffed. At that point you might as well donate your services because you ain’t getting shit.

3 Likes

And I can pretty much guarantee that that’s the biggest dick shadow that any of that clan have ever cast…

1 Like

They put price and political leanings ahead of competence. Also speed - they want it done yesterday, for cheap.

Hackers know they will launch before security testing, with a configuration that is default, and none of the needed patches applied.

1 Like