Late Sunday night, Parler went offline after Amazon Web Services cut off hosting for the social media outlet, a decision that followed the site's use as a tool to plan and coordinate an insurrectionist, pro-Trump mob's invasion of the US Capitol building last week. In the days and hours before that shutdown, a group of hackers scrambled to download and archive the site, uploading dozens of terabytes of Parler data to the Internet Archive. One pseudonymous hacker who led the effort and goes only by the Twitter handle @donk_enby told Gizmodo that the group had successfully archived "99 percent" of the site's public contents, which she said includes a trove of "very incriminating" evidence of who participated in the Capitol raid and how.
By Monday, rumors were circulating on Reddit and across social media that the mass disemboweling of Parler's data had been carried out by exploiting a security vulnerability in the site's two-factor authentication that allowed hackers to create "millions of accounts" with administrator privileges. The truth was far simpler: Parler lacked the most basic security measures that would have prevented the automated scraping of the site's data. It even ordered its posts by number in the site's URLs, so that anyone could have easily, programmatically downloaded the site's millions of posts.
"It's just a straight sequence, which is mind-numbing to me," says White. "This is like a Computer Science 101 bad homework assignment, the kind of stuff that you would do when you're first learning how web servers work. I wouldn't even call it a rookie mistake because, as a professional, you would never write something like this."
Services like Twitter, by contrast, randomize the URLs of posts so they can't be guessed. And while they offer APIs that give developers access to tweets en masse, they carefully restrict access to those APIs. By contrast, Parler had no authentication for an API that offered access to all its public contents, says Josh Rickard, a security engineer for security firm Swimlane. "Honestly it seemed like an oversight, or just laziness," says Rickard, who says he analyzed Parler's security architecture in a personal capacity. "They didn’t think about how big they were going to get, so they didn’t do this properly."