Well, it was fast. Just days after the start of a Twitter clone of former Trump spokesman Jason Miller, the new social network has already been overwhelmed by the problem. For one, hackers quickly used Gatrie’s API to scrap the email addresses of more than 85000 of its users. Usernames, names and birthdays were also part of the scrapped data set, revealed by Alan Gall, co-founder of cybersecurity firm Hudson Rock.
“When threatening actors are able to retrieve sensitive information due to neglected API implementation, the result is equivalent to a data breach and should be handled by a firm [and] tested by regulators,” Gall told TechCrunch. Last week, TechCrunch’s own Jack Whitaker predicted that Gator would soon see data scraped through its API. Scraped data is just one of the Getter headaches. The app went live on the App Store and Google Play last month but left beta on July 4 after a launch post from Politico.
The application is meant to appeal to Trump’s anti-China field, with Gator apparently receiving initial funding from Guo Wengui, a Chinese billionaire aide to former Trump adviser Steve Bannon. Earlier this year, the Washington Post reported that Guo was at the center of a huge online disinformation network that spread anti-vaccine claims and Qin conspiracies. On July 2, the application team apologized for the signup delay, citing a spike in downloads, but launch downtime was probably the least of its problems.
A number of official Gator accounts were compromised over the weekend, including Marjorie Taylor-Green, Steve Bannon, and Miller’s own, which raised further questions about the app’s security approach. Excluding that fact, fake accounts outperform any attempt to find users who have been verified in Gator. This also goes in favor of the app’s own recommendations: a fake brand account for Steam was among the app’s own recommendations during TechCrunch testing.
Another red flag: the design of the app is clearly identical to Twitter and seems to have used the company’s API to count the number of followers and copy profiles of some users. Allow (we signed up, but it didn’t work out for us).