Twitter Thread: 327GB of membership, donation, and petition signature records from the Tea Party Patriots

Posted August 5, 2021 in twitter-threads

Background: This is an archived Twitter thread. For more information, read: Elon banned me from Twitter for doing journalism. Good riddance.

Original URL of Twitter thread:

Remember the Tea Party movement? Someone hacked their biggest group, @TPPatriots, and sent me 327gb of membership, donation, and petition signature records, including phone numbers, addresses, detailed activity history, and password hashes

Posted 10:12 AM · Aug 5, 2021, 534 Retweets, 1,242 Likes

TPP was founded in 2009 basically to protest Obama, Obamacare, and big government.

They were involved in Trump's "March to Save America" rally before the Jan 6 attack on the Capitol, and they spread COVID-19 misinformation early in the pandemic.

Posted 10:13 AM · Aug 5, 2021, 65 Retweets, 232 Likes

Turns out, a few super rich donors account for most of the TPP non-profit's donations for multiple years.

In 2019 the non-profit got $1.2M in revenue. One was Texas billionaire Christopher Goldsbury, who on September 11, 2019 wired $1,000,000.

Posted 10:14 AM · Aug 5, 2021, 94 Retweets, 246 Likes

In 2015 the non-profit got $106k in revenue, hacked data shows from only 2 donors.

$100,000 of that came from now-deceased California real-estate billionaire Sanford Diller, who donated a total of $400k to TPP's organizations.

Posted 10:15 AM · Aug 5, 2021, 49 Retweets, 159 Likes

Interesting note about Sanford Diller:

He was also allegedly involved in an illegal scheme to trade millions of dollars in political donations in exchange for a pardon from Donald Trump for a friend of his

Posted 10:15 AM · Aug 5, 2021, 75 Retweets, 209 Likes

Another major donor is David Gore (an Oregan libertarian who's family owns the Gore-Tex fabric company), who stays out of the pubic light. Between 2018 and 2021, he's given:

  • $50,000 to TPP Action, 501c4
  • $275,000 to TPP's super PAC
  • $124,000 to TPP Foundation, 501c3

Posted 10:16 AM · Aug 5, 2021, 77 Retweets, 163 Likes

TPP frequently claims to have "over 3 million" supporters, but this doesn't seem to be even close to true.

The hacked data (which could be incomplete) shows the real number is closer to 500k supporters, and only 144k of those are listed as "active"

Posted 10:18 AM · Aug 5, 2021, 68 Retweets, 178 Likes

Because the data has home addresses, we could map cities with active users. Houston has the most, 984, followed by San Antonia, Las Vegas, then Phoenix. Are there Tea Party people in your area?

(This map shows cities (with >=10 users), not home addresses)

Posted 10:20 AM · Aug 5, 2021, 74 Retweets, 174 Likes

TPP is a conservative activist group. Back in mid-2015 to mid-2017 they frequently had petitions that got >20k signatures with names like:

  • No Funding for Illegals
  • Save Our Constitution
  • Support Senator Jeff Sessions
  • Trump Won, Get Over It

Posted 10:22 AM · Aug 5, 2021, 33 Retweets, 123 Likes

But their activism division has really waned since then. There's only been 3 petitions with more than 8k signatures since then.

Their latest "Stop Critical Race Theory" petition only got 34 signatures in its first 2 weeks.

Posted 10:22 AM · Aug 5, 2021, 34 Retweets, 124 Likes

Their most popular petition of all time, "Make Adam Schiff Resign", got 70k signatures.

This was during Trump's first impeachment inquiry. Schiff was a lead investigator into allegations that Trump withheld funds from Ukraine in exchange for investigations into the Bidens.

Posted 10:23 AM · Aug 5, 2021, 28 Retweets, 108 Likes

A quick note about the password hashes in the hacked data:

The data has hashes for 13,000 users, and they're all hashed used salted MD5. MD5 is totally broken, so it's likely most of the original passwords could be recovered with normal GPUs and not too much time.

Posted 10:25 AM · Aug 5, 2021, 22 Retweets, 104 Likes

So, why hack Tea Party Patriots? The hacker, who identifies with Anonymous, says it's because TPP was responsible for a lot of early COVID-19 misinformation, promoting hydroxychloroquine as a cure (it's not)

Posted 10:29 AM · Aug 5, 2021, 63 Retweets, 177 Likes

It turns out, if you viewed the source of any of TPP's petitions there was an 💫ADMINISTRATOR💫 API key. This "Wear Red on Trump's Birthday" petition is the one the hacker looked at to find this API key

Posted 10:34 AM · Aug 5, 2021, 49 Retweets, 176 Likes

Using this API key, they could access ALL OF TPP'S DATA. So they did.

They made over 800,000 API requests and downloaded details of ~800 local chapters and all their members, all the petitions and everyone who signed or donated.

Each of these users is full of detailed info.

Posted 10:34 AM · Aug 5, 2021, 36 Retweets, 148 Likes

It turns out with this administrator API key it's not only possible to download all their data, but also to change it. For a few weeks in July, ALL of TPP's petitions were renamed to "Stop the Computer Fraud and Abuse Act"

Posted 10:35 AM · Aug 5, 2021, 39 Retweets, 171 Likes