Oh, it is good.

https://twitter.com/hashtag/ParlerLeaks

https://twitter.com/hashtag/parlerhack

Post any good finds.

Best explanation I've seen why this is a big deal.

WordPress Config file being accessible is a big yikes. Gives you the destination for the DB as well as the username and password to sign into it. MySQL export and anything not using MD5 Hash is visible right away - the rest? Decrypt.

Soon as the DB has been exported, game over.

https://twitter.com/IckleIzu/status/1331401417186299909

  • ChapoBapo [he/him]
    ·
    4 years ago

    The admins were admonishing people to use a proton mail email to set up 2fa on here and I don’t really understand the benefit. This single-use email just becomes the SPOF instead of chapo chat so what’s the difference? I don’t use an email.

    • Lrak [he/him]
      ·
      4 years ago

      Also: let’s say my profile gets hacked. What are they going to do? Post? Comment? It’s not like they can send themselves money or buy things in my name.

      • ChapoBapo [he/him]
        ·
        4 years ago

        I was thinking about this too and it’s like unless you’re using the same username/password on here as your bank, the worst that could happen is they hijack a power poster’s reputation on here and use it to influence people in some kind of negative way, which is a lot of effort for what actual benefit and also why we shouldn’t have power posters.

      • AlfredNobel [comrade/them,any]
        ·
        4 years ago

        Some people get attached to their online identity. But I'm all for changing your account at the same time you change your toothbrush. In the future when it comes time to vote in mods and things like that you might need to keep an account to be a part of those decisions but that's an opt-in thing.

    • aaaaaaadjsf [he/him, comrade/them]
      ·
      4 years ago

      A user's account got "hacked" by people that were able to guess/find their password somewhere. That's why 2fa was pushed heavily, to try to prevent that from happening if you have 2fa enabled.

      • ChapoBapo [he/him]
        ·
        4 years ago

        So essentially the benefit is that a hypothetical attacker who wants to take control of my chapo chat account would have to guess my proton mail email? Is that the benefit?

        • aaaaaaadjsf [he/him, comrade/them]
          ·
          4 years ago

          Well, you can use any email service, not just proton mail. The admins just recommend proton mail. They would have to take control of your email account as well, I guess.

          • ChapoBapo [he/him]
            ·
            4 years ago

            Sure, so they’d have to guess my email account. But they wouldn’t have to take control of both my chapo chat account AND my email account, they’d have to take control of my email only. Then they could reset my chapo password. So that’s why I said the email becomes the single point of failure - if that’s compromised, then everything’s compromised. So I shouldn’t use ChapoBapo@protonmail.com, but if I use a random unrelated email address and the attacker was specifically targeting getting access to my chapo chat account for ... some unknown reason then I can see how having the email would be an additional layer of protection.