The social network Gettr, made for conservatives, launched this week amidst several problems: it suffered a hacker attack on opening day, was inundated with adult content involving Sonic (!), and left a flaw exposed that allowed it to collect data from almost 80,000 users. This includes several supporters of former US President Donald Trump and Jair Bolsonaro, as reported by Techblog.
What data has leaked from Gettr?
Cybersecurity expert Alon Gal explains on Twitter that, due to a poorly implemented API at Gettr, it was possible to extract real names, usernames, year of birth and email addresses – this last information should be hidden from the public. A database containing all this was posted for free on a forum last Tuesday (6).
An analysis performed by the Techblog found 78,268 email addresses exposed in the leaked database. Of this total, 3,766 belong to accounts that mention “Bolsonaro”, “Brazil”, “Brazil” and/or names of Brazilian cities (São Paulo, Rio de Janeiro etc.).
Among them are senator Flávio Bolsonaro, deputy Carla Zambelli and minister Fábio Faria, whose personal e-mail addresses were exposed.
Gettr allows you to put a bio on your profile, and most accounts exposed describe themselves with terms like “conservative”, “right-wing”, “Christian” and “patriot”. Some mention the expression “God, Fatherland and Family”, an integralism motto that was used by Bolsonaro in the electoral campaign; besides the slogan “Brazil above all, God above all”.
There are 398 profiles that explicitly mention Bolsonaro’s name, against only 35 that speak of political rival Lula. In turn, we counted 3,911 accounts that refer to Trump or “MAGA”, slogan of his electoral campaign.
The base was leaked into a file with the name “Guttr”, a word similar to “gutter”. The profile that posted the leak on the forum explains that it was able to capture the data until Gettr made an API change.
In another forum thread, users were planning an operation to create bots and generate accounts that would “spread a folder full of advertisements.” The person who leaked the data said he could only help by showing how to do the collection via the API, but wished him luck in the endeavor.
Entrepreneur Jason Miller, founder of Gettr, commented on the security breach to motherboard:
The brief invasion that took place on Sunday morning was quickly corrected. While the issue has now been resolved, Gettr takes cybersecurity seriously and has conducted another round of testing by a white hat company.
Bolsonaro is on Gettr; Trump stays out
Gettr’s launch had some setbacks: it promises to be a social network without the “censorship” of Twitter and Facebook, so some profiles wanted to test that rule by posting adult Sonic-related content, photos of elderly men in underwear and left-wing memes, according to O Kotaku. Accounts have been banned.
Gettr was founded by a former adviser to Trump, so many thought the former president would have a stake in the social network. However, this is not the case: he does not have an official profile on the platform and, according to journalist Jennifer Jacobs of Bloomberg, will have no financial involvement.
For his part, Bolsonaro already has a verified Gettr account, which basically reposts the president’s tweets. Deputy Eduardo Bolsonaro also has a profile, and in one of his posts, he says:
Here we don’t have the censorship of Google and other leftist social networks. Freedom of expression is respected. What is your real opinion about early treatment, experimental vaccines, Coronavac’s effectiveness, social isolation and herd immunity?