When a new social platform launches and user data is scraped or exposed, the biggest risk for most people is not account "hacking" in the Hollywood sense. It is targeted phishing and account takeover attempts that use leaked emails, usernames, and profile details.
GETTR launched in July 2021 and quickly drew reports of security and privacy problems, including profile tampering and a dataset posted on a hacking forum that was described as scraped user data.
Immediate steps if you created a GETTR account
- Change any password you reused elsewhere. Start with your email account, then your password manager, then financial accounts.
- Turn on 2FA on your email and other high-value accounts so an email-only leak cannot become a full takeover.
- Assume you will get realistic phishing messages. Do not click login links in email or SMS. Open the app or type the address yourself.
- Review the app’s privacy and profile settings and remove anything you do not want tied to your email address long term.
- If you no longer want the account, look for export and deletion options, then remove the account using the platform’s official settings path.
Safety note: A scrape can still be dangerous. Attackers use leaked emails and profile details to craft convincing support, verification, and password reset scams.
What was reported about GETTR in 2021
Reporting in July 2021 described multiple issues shortly after launch. Researchers highlighted privacy and security bugs, prominent accounts were vandalized on the first day, and later reporting described a dataset posted online that was characterized as scraped user data.
- Security and privacy bugs reported shortly after launch: Vice
- Scraped user dataset reported: Motherboard
- Launch-day profile tampering reported: Insider
Scraping and intrusion are not the same thing, and platforms sometimes frame incidents differently over time. From a user-safety perspective, the response is similar: treat your exposed email and profile as attacker input and harden what it can unlock.
How attackers turn exposed emails into account takeovers
Most account takeovers start with one of three moves: password reuse, password reset interception, or social engineering of support channels. A leaked email address is the connector for all three.
- Password reuse: attackers try your email and a leaked password from another breach against multiple services.
- Reset abuse: attackers trigger a password reset and try to trick you into handing over the code or clicking a fake reset page.
- Support scams: attackers claim your account is "at risk" and push you to install apps, share codes, or approve logins.
The high-leverage defense is to reduce what your email alone can do: strong authentication on email, unique passwords everywhere, and recovery channels that you control. If you want to reduce how much data is available to link to you, see reduce your digital footprint.
Platform incidents come and go, but the personal security pattern stays stable. The earlier you treat a scrape as a credential and phishing risk problem, the less likely it is to become a long-running recovery problem later.