Trump Media and Technology Group just announced TRUTH Social, a rival platform to Twitter, Facebook, and all of the other Big Tech giants. But like other specialized social media platforms, TRUTH will be a target for hackers, and it could leave your private info exposed. We’re not just speculating here—TRUTH Social has already been compromised, and it’s not even out yet!
Update, 2/22/22: After suffering from months of delays and a launch-day outage, TRUTH Social is now available with a waiting list. We strongly suggest avoiding the website, as it’s a sitting duck for hackers. As detailed in this article, TRUTH Social was hacked during its private beta and runs on open source Mastodon code—the same code utilized by Gab and other political social media platforms that were hacked to death.
Just two hours after Trump Media and Technology Group announced TRUTH Social, a group of Twitter users managed to access the beta website and make accounts with usernames like @donaldtrump and @mikepence. This beta website isn’t supposed to go live until November, but as reported by Insider, people simply guessed its URL to gain early access.
TRUTH Social’s beta page is now inaccessible to outsiders. But those who gained early access made some interesting discoveries. Most notably, TRUTH Social uses the open-source Mastodon 3.0 social media codebase, apparently without much customization (and without providing credit, which violates Mastodon’s terms).
Was just able to set up an account using the handle @donaldtrump on 'Truth Social,' former President Donald Trump's new social media website.
Although the site is not officially open, a URL was discovered allowing users to sign up anyway. pic.twitter.com/MRMQzjNhma
— Mikael Thalen (@MikaelThalen) October 21, 2021
That means TRUTH Media may be vulnerable to the same exploits as any other Mastodon-based site, including Gab, a niche social media platform that was recently hacked and hit with a $500,000 ransom demand. Evidently, hackers stole private user data from Gab using a simple SQL injection, something that should be impossible on a properly secured website.
Basic bugs and vulnerabilities are actually a very big problem in the world of specialized social media. Just look at Parler, a platform that lost 70TB of user data, including private posts and messages, all because it didn’t randomize its URLs.
And then there are sites like Gettr and Frank, which failed shortly after their debut due to … you guessed it, hackers. Are you noticing a trend here? These small websites are a huge target for hackers, but unlike Facebook or Twitter, they don’t have the resources or knowledge to deal with basic hacking attempts.
Even if TRUTH Social tries to take security seriously, which doesn’t seem to be the case (it’s a bare-bones uncredited Mastodon fork), the platform is a giant target for hackers. Those who sign up for TRUTH Social are almost certainly putting their private data at risk. Please keep that in mind when the platform launches this November.