When Twitter was banned Donald Trump and a slew of other far-right users in January, became many of their digital refugees and migrated to sites like Parler and Gab to find a home that would not moderate their hate speech and disinformation. Days later, Parler was hacked and then dropped by Amazon web hosting, beating the site offline. Now Gab, who inherited from Parler’s displaced users, has also been severely hacked. An enormous amount of content was stolen – including passwords and private communications.
The WikiLeaks group Distributed Denial of Secrets unveiled ‘GabLeaks’ on Sunday night, a collection of more than 70 gigabytes of Gab data representing more than 40 million jobs. DDoSecrets says a hacktivist who identifies himself as “JaXpArO and My Little Anonymous Revival Project” has siphoned the data from Gab’s back-end databases in an attempt to expose the platform’s largely real users. The Gabonists, whose numbers have risen since Parler went offline, include large numbers of Qanon conspiracy theorists, white nationalists and promoters of former President Donald Trump’s election-stolen conspiracies that led to the January 6 riot on Capitol Hill.
Emma Best, co-founder of DDoSecrets, says the hacked data includes not only all of Gab’s public posts and profiles, with the exception of any photos or videos uploaded to the site, but also private group and private accounts and messages , as well as user passwords. and group passwords. “It contains virtually everything about Gab, including user data and private posts, everything anyone needs to perform an almost complete analysis of Gab users and content,” Best wrote in an SMS interview with WIRED. “This is another goldmine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything around January 6.”
DDoSecrets says that it is not the disclosure of the data due to the sensitivity and the large amounts of private information it contains. Instead, the group says it will selectively share it with journalists, social scientists and researchers. WIRED has previewed the data and it appears to contain individual and group profiles of Gab users – their descriptions and privacy settings – public and private placements and passwords. Gab CEO Tor Torba admitted the offense Sunday in a brief statement.
Passwords for private groups are not encrypted, which according to Torba makes the platform known to users when they create one. Passwords for individual user accounts appear to be cryptographically hashed – a protection that can prevent them from being compromised – but the level of security depends on the hashing scheme used and the strength of the underlying password.
Among the users whose memory passwords were apparently entered in the data were those of Donald Trump, Republican congressman and QAnon conspiracy theorist Marjorie Taylor Greene, CEO of MyPillow and election conspiracy theorist Mike Lindell, and radio host Alex Jones , which misuses the information.
The hacked data also contains a chatlogs.txt file that appears to contain private conversations between users of the site. The contents of the file begin with a remark by JaXpArO: “FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERICA.”
According to DDoSecrets’ Best, the hacker said they extracted Gab’s data from a vulnerability in the SQL injection on the site – a common web error in which a text field on a site does not distinguish between user input and the commands in the code of the site. , which allows a hacker to log in with his SQL database from behind. Despite the hacker’s reference to an “Anonymous Revival Project”, they are not affiliated with the loose hacker collective Anonymous, they told Best, but want to “represent the nameless struggling masses against capitalists and fascists.”
WIRED commented and offered to Gab on Friday to share what we learned about the nature of the site’s intrusion on the site. Andrew Torba, CEO of the company, responded in a public statement on the company’s blog that ‘reporters, who are writing for a publication that has already written many hits about Gab, are in direct contact with the hacker and the hacker essentially help. attempts to lubricate our business and hurt you, our users. “(To our knowledge, WIRED had no direct contact with the hackers, only with DDoSecrets.)
In response to WIRED’s vulnerability from an SQL injection, Torba’s initial statement stated that ‘we were aware of a vulnerability in this area and patched it up last week. We also continue to conduct a full security audit. ‘ The report further stated that Gab does not collect personally identifiable information from its users such as phone numbers, social security numbers, dates of birth or health and financial information. “DMs have only been available for a few weeks and are not currently a feature supported by the site. If there has been a breach in the domain, we expect the number of accounts affected to be low,” he said. Torba added. “As we learn more about this alleged offense, we will notify the community of our findings as required by law.”