The founder of the far-right social media platform Gab said that the private account of former President Donald Trump was stolen under the data and was publicly released by hackers who recently violated the website.
In a statement Sunday, founder Andrew Torba used a transphobic abuse to refer to Emma Best, the co-founder of Distributed Denial of Secrets. The statement confirmed that the WikiLeaks group on Monday claimed to have obtained 70 GB of passwords, private posts and more from Gab and made it available to select researchers and journalists. The data, according to Best, was provided by an unidentified hacker who violated Gab by exploiting a vulnerability of SQL injection in his code.
“My account and Trump’s account have been compromised, of course because Trump is about to speak on stage,” Torba wrote Sunday while Trump was about to speak at the CPAC conference in Florida. “The whole company is investigating all the things that happened and is working to track down the problem.”
An important data set
GabLeaks, as DDoSecrets calls the leak, comes nearly eight weeks after pro-Trump insurgents stormed the U.S. Capitol. The rioters took hundreds of thousands of videos and photos of the siege and posted them online. Mainstream social media sites have removed much of the content because it violates their Terms of Service.
“The Gab data is an important but complex data set,” DDoSecrets staff wrote in a report Monday morning. “Apart from being a corpus of public discourse on Gab, it also contains every private message and many private messages. In a simpler or more ordinary time, it would be an important sociological resource. In 2021, it is also a record of the culture and the precise statements surrounding not only an increase in extremist views and actions, but also an attempt at coup d’etat. ‘
Gab and a competing website called Parler were among the last havens that allowed much of the content to remain publicly available. Amazon and web hosting providers later cited a lack of sufficient content moderation to suspend the service to Parler.
Shortly before closing, however, someone found a way to use Parler’s publicly available programming interfaces to scrape off about 99 percent of the website’s user content and then make it publicly available.
Although law enforcement groups probably had other ways of obtaining the Parler data, the availability of the public made it possible for a much larger group of people to conduct their own research and investigations. The leak was particularly valuable because material contains metadata that is usually removed before users can download videos and images. The metadata gave people the ability to track the exact timelines and locations of filmed contestants.
DDoSecrets said that the 70 GB GabLeaks contains more than 70,000 ordinary text messages in more than 19,000 chats by more than 15,000 users. The dump also contains passwords that have been ‘hashed’, a cryptographic process that converts ordinary text into incomprehensible characters. Although hashes can not be converted back to plain text, it can be easy if you choose sites for poor hashing schemes. (Ars said best that they do not know which hashing scheme is used.) The leak also contains common text passwords for user groups.
Hate speech harbor
Gab has long been criticized as a haven for hate speech. In 2018, Google banned the Gab app from its Play Store for violating terms of service. A year later, web host GoDaddy terminated the service to Gab after one of the users visited the site to criticize the Hebrew Immigration Relief Society shortly before he killed 11 people in a synagogue in Pittsburgh.
Gab was also investigated by the Pennsylvania Attorney General. In January, the Anti-Defamation League called on the US Department of Justice to investigate Gab for his role in the uprising against the capital.
Attempts to reach Torba for comment do not succeed.
Best said that DDoSecrets makes GabLeaks only available to journalists and researchers with a documented history of leaks. People can use this link to request access.