posted by fskfsk +12 / -0

I've been researching the Parler/Twilio hack, and found some disturbing information.

Parler was using WordPress. They (probably) stupidly did not disable the default admin account.

Parler was using Twilio to manage their passwords. (Using a 3rd party service to manage passwords is a lazy idiot move.)

When Twilio disables your account, the default is to ALLOW EVERY LOGIN! This meant hackers could log into WordPress using the default admin account. (If Parler had disabled the default admin account, the hackers would have also needed to guess the admin login username.)

In their announcement banning Parler, Twilio also gave some information that made it easier for the hackers. I couldn't find the original source.

The big tech companies coordinated to mass ban Parler. They also coordinated their attack to cause maximum damage! Think about it. Why did Twilio drop Parler A FEW HOURS BEFORE their AWS account was terminated? If Twilio waited until after Parler's AWS account was terminated, the hack would not have happened!

The big tech companies knew about this flaw in Twilio, so they coordinated their bans so that Parler was exposed for a few hours. As a bonus, the vulnerability happened on Sunday evening, when Parler employees would not have been working or would have been scrambling to deal with the AWS shutdown.

A WordPress Administrator has access to the full database and the ability to execute arbitrary code. I'm afraid this means the hackers got everything. (Some sources said they didn't get driver's licenses and phone numbers. If it was on the server, the hackers got it.)

I don't have a Parler account, because I was put off by the phone number requirement.

Twitter has a "can't share hacked information" policy that was strictly enforced for the Hunter Biden data (which wasn't even a hack). That policy is being conveniently ignored for the Parler hack.

If law enforcement tried to subpoena Parler's entire database, a judge probably wouldn't have allowed it. This hack is a loophole that lets them look at everything.

I know some lawyers read thedonald.win. I hope someone can share this information with them. Any user whose data was exposed should have a claim against Twilio, because of the "allow every login" flaw in their product.

Edit: Sorry, it was Okta, not Twilio. Every other source was mentioning Twilio.
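The "allow every login" behaviour the post describes is what security engineers call a fail-open authentication integration: when the external identity provider stops answering, the application treats the error as a successful check. The example below is added here to show that pattern beside its fail-closed counterpart; it is illustrative code written for this page, not Parler's, WordPress's, Twilio's or Okta's, and the provider, user list and responses are constructed for the example.

```python
"""Fail-open vs fail-closed handling of an external authentication provider.

Illustrative example added to this page; not Parler's, WordPress's,
Twilio's or Okta's code. The provider, users and responses are constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict


class ProviderError(Exception):
    """Raised when the upstream identity provider cannot answer
    (for example, the customer's tenant has been suspended)."""


@dataclass
class Provider:
    """Constructed stand-in for a hosted identity provider."""
    users: Dict[str, str] = field(default_factory=dict)  # username -> password (plaintext only for illustration)
    suspended: bool = False

    def verify(self, username: str, password: str) -> bool:
        if self.suspended:
            raise ProviderError("tenant account suspended")
        return self.users.get(username) == password


def login_fail_open(provider: Provider, username: str, password: str) -> bool:
    """Weak pattern: any provider error is treated as a successful check.

    Once the provider is unavailable, every login succeeds and an attacker
    only needs a valid username (the post's "ALLOW EVERY LOGIN" scenario).
    """
    try:
        return provider.verify(username, password)
    except ProviderError:
        return True


def login_fail_closed(provider: Provider, username: str, password: str) -> bool:
    """Hardened pattern: a provider error denies the login.

    Operators who need emergency access should rely on a separate local
    break-glass account with its own strong credential, never on fail-open.
    """
    try:
        return provider.verify(username, password)
    except ProviderError:
        # In a real application: log the outage and alert, then deny.
        return False


def simulate(login: Callable[[Provider, str, str], bool]) -> Dict[str, bool]:
    """Run the same login attempts against a healthy and a suspended provider."""
    users = {"admin": "correct-horse-battery-staple"}  # constructed sample user
    healthy = Provider(users=users)
    suspended = Provider(users=users, suspended=True)
    return {
        "healthy_good_password": login(healthy, "admin", "correct-horse-battery-staple"),
        "healthy_wrong_password": login(healthy, "admin", "wrong"),
        "suspended_wrong_password": login(suspended, "admin", "wrong"),
        "suspended_unknown_user": login(suspended, "nobody", "anything"),
    }


if __name__ == "__main__":
    for name, handler in (("fail-open", login_fail_open), ("fail-closed", login_fail_closed)):
        print(name, simulate(handler))
```

With the provider healthy both handlers behave identically; the difference appears only in the `suspended_*` rows, where the fail-open handler accepts a wrong password and even an unknown username, while the fail-closed handler rejects both. Whichever default a given vendor ships, the check worth making in your own integration is exactly this one: cut the provider off and confirm that logins are denied.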

Comments (16)
Sa1tyBastard 2 points ago +2 / -0

This reminds me of: "And the smoke of their torment rises forever and ever. Day and night there is no rest for those who worship the beast and its image, or for anyone who receives the mark of its name." Here is a call for the perseverance of the saints who keep the commandments of God and the faith of Jesus.…