Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Mikael Thalen Profile picture
@MikaelThalen
Oct 21, 2021 9 tweets 5 min read Read on X
Scrolly
NEW: I spoke with the hacker who discovered that Trump's new social media platform 'TRUTH Social' was openly accessible online.

Here's how they found it: dailydot.com/debug/hacker-t…
The hacker, who asked not to be identified but claimed affiliation with the hacking collective Anonymous, first noticed the name of the company behind TRUTH Social's app: T Media Tech LLC.

dailydot.com/debug/hacker-t…
The hacker then used Shodan, a search engine that finds servers exposed to the open web, to look for any domains linked to T Media Tech LLC.

dailydot.com/debug/hacker-t…
That's how the hacker was able to discover the domain mobile.tmediatech[.]io - which appeared to be running the mobile beta for TRUTH Social.

The site allowed anyone to sign up and register an account despite the official launch not being until next year. dailydot.com/debug/hacker-t…
News of the URL made its way soon after to @ThatNotoriousK, who was able to setup numerous accounts including one for QAnon guru Ron Watkins.

Numerous others were able to setup accounts as well.

One user was able to secure the handle @realdonaldjtrump and proceeded to share a meme of a defecating pig.

dailydot.com/debug/trump-tr…
Washington Post tech reporter @drewharwell was able to setup an account on TRUTH Social using the handle @mikepence.

I was able to setup an account with the handle @donaldtrump as well.

TRUTH Social eventually noticed the activity and blocked active users, disabled new signups, and eventually took the entire domain offline.

I emailed TRUTH Social to ask about the incident but did not receive a reply. dailydot.com/debug/hacker-t…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Mikael Thalen

Mikael Thalen Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @MikaelThalen

Mikael Thalen Profile picture
Jan 19, 2023
NEW: The federal No Fly List was exposed on an open server discovered by a security researcher last week.

The list, which was being stored by the US airline CommuteAir, contained over 1.5 million rows of data including names, aliases, & birth dates. dailydot.com/debug/no-fly-l…
The server, discovered by hacker @_nyancrimew, was secured prior to publication.

CommuteAir says the list was a version from 2019.

The Daily Dot was able to find numerous high-profile figures including the recently-freed Russian arms dealer Viktor Bout & at least 16 aliases.
The infrastructure, described by CommuteAir as a development server, also contained the names, addresses, phone numbers & passport numbers of over 900 CommuteAir staff including pilots & crew.

CommuteAir says an initial investigation shows that no customer data was exposed.
Read 5 tweets
Mikael Thalen Profile picture
Dec 16, 2022
After banning @elonjet, which he said he wouldn’t, Musk has now banned @joinmastodon after it tweeted that users could follow the jet-tracking account on their platform.
It appears Washington Post journalist @drewharwell was suspended as well for pointing out that Mastodon was suspended for promoting ElonJet, which I also just did in the above tweet.
New York Times journalist Ryan Mac has now been suspended for merely mentioning Musk’s suspension of Mastodon and ElonJet.
Read 12 tweets
Mikael Thalen Profile picture
Oct 28, 2022
A blog run by David Depape, the Berkley man accused of attacking Paul Pelosi with a hammer, has articles titled 'Hitler did nothing wrong,' 'Black pilled,' and 'Pedophile normalization.' Image
Source: heavy.com/news/david-dep…
Correction: 'Hitlery' was autocorrected to 'Hitler.'

The specific blog post in question is referring to former Secretary of State Hillary Clinton.
Read 6 tweets
Mikael Thalen Profile picture
Oct 28, 2022
A fake statement from Donald Trump congratulating Elon Musk on his acquisition of Twitter is spreading online.

The fabricated quote claims Trump's account will be reinstated Monday & that the ex-president is "Happy to be able to engage with an African-American owned business." twitter.com/i/web/status/1…
It appears the Independent briefly ran with the false claim but has since changed the article's headline.

The incorrect article has already been aggregated by Yahoo News.

webcache.googleusercontent.com/search?q=cache…
Read 4 tweets
Mikael Thalen Profile picture
Jul 25, 2022
NEW: An anti-vaccine dating website that allows users to donate “mRNA FREE” semen left its users’ personal data exposed online.

dailydot.com/debug/anti-vax…
The site that was leaking user data, known as 'Unjected,' is similar in design to Twitter but is often referred to as the “Tinder for anti-vaxxers.”

Users can advertise their 'mRNA FREE' blood, sperm, or eggs to one another.
dailydot.com/debug/anti-vax…
Security researcher @GeopJr1312 discovered that Unjected's web application framework had been left in debug mode.

From there they were able to find the private email addresses for the site's roughly 3,500 members.

dailydot.com/debug/anti-vax…
Read 6 tweets
Mikael Thalen Profile picture
Feb 28, 2022
NEW: Despite the significant uptick of hacking & leaking amid Russia's invasion of Ukraine, every single method offered by WikiLeaks to submit them documents is broken.

Every submission option featured by WikiLeaks leads to broken sites & errors.

dailydot.com/debug/submitti…
On WikiLeaks submission page, users are asked to visit their onion service on the dark web to securely provide them leaks...

Yet their server isn't even online. dailydot.com/debug/submitti…
WikiLeaks also offers a clearnet webchat where users can be assisted in accessing the tor network in order to securely provide them with leaks.

Yet the domain is 502. dailydot.com/debug/submitti…
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(