Gab Platform Hacked by Activist Group DDoSecrets
The transparency group now has in its possession over 70 GB of data.
You might have heard of the social network Gab after the dramatic incidents that took place on the 6th of January in the USA.
DDoSecrets stated that JaXpArO and My Little Anonymous Revival Project, a hacktivist, has siphoned over 70 GB of data out of Gab’s backend databases to expose the platform’s largely rightwing users.
What is Gab?
Just to quickly recap, Gab is an American alt-tech social networking service known for its far-right user base, a proper haven for extremists like neo-Nazis, white supremacists, white nationalists, the alt-right, and QAnon conspiracy theorists, Gab has attracted users and groups who have been banned from other social media and users seeking alternatives to mainstream social media platforms.
Officially Gab says it promotes free speech, individual liberty, and the free flow of information online, but the social network has been repeatedly linked to radicalization leading to real-world violent events.
“GabLeaks” and what it really is.
The WikiLeaks-style group, called informally Distributed Denial of Secrets, has announced that it will be revealing something called “GabLeaks”.
This represents a collection of more than 70 GB of Gab data, containing over 40 million posts, private conversations between the users, and other crucial pieces of information.
Apparently, among the Gab users that have migrated from Parler after the Social Network went offline, there are a lot of Qanon conspiracy theorists, white nationalists, and promoters of former president Donald Trump’s election-stealing conspiracies that resulted in the January 6 riot on Capitol Hill.
What data was stolen in this attack?
According to Emma Best, the cofounder of DDoSecrets, the hacked data includes alongside all of Gab’s public posts and profiles, private group and private individual account posts and messages, as well as user passwords and group passwords.
“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content. It’s another gold mine of research for people looking at militias, neo-Nazis, the far-right, QAnon and everything surrounding January 6.”
DDoSecrets does not plan to publicly release the data due to it being highly sensitive, as they officially state on their website.
“While the dataset is extremely important to understanding recent and current events, as well as being a valuable historical archive, it also represents privacy concerns. Due to these concerns, along with presence of passwords and other PII, this dataset is currently only being offered to journalists and researchers.”
WIRED analyzed a sample of the data, and this appears to contain the individual and group profiles of Gab users, including their descriptions and privacy settings, both public and private messages and passwords.
The CEO of Gab, Andrew Torba admitted the breach in a brief statement on Sunday.
Passwords for the private groups were not encrypted, which Torba says the platform discloses to users when they come to create one, the only way for properly encrypting a password in these conditions would’ve been to have cryptographically hashed a backup that can help prevent them from being compromised. This method can be efficient, but it depends on the hash scheme used and the strength of the underlying password.
Donald Trump, QAnon MP Marjorie Taylor Greene, MyPillow CEO, and electoral conspiracy theorist Mike Lindell, and radio host Alex Jones, are just some of the celebrities, whose hashed passwords are included in the hacked data, alongside a chatlogs.txt, containing conversations between the site users.
How did the hackers gain access to the data?
According to Emma Best, co-founder at DDoSecrets, Gab’s data was extracted with the help of an SQL injection vulnerability in the site.
The journalist from WIRED reached out to Gab’s CEO, Andrew Torba, on Friday offering to share their learning regarding the nature of the data breach. Torba replied in a public statement, on the company’s blog:
“Today we received an inquiry from reporters about an alleged data breach. We have searched high and low for chatter on the breach on the Internet and can find nothing. We can only presume the reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users.
The reporter, without providing us with any evidence of the breach or assistance to identify its veracity, alleged that an archive of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups have been leaked via a SQL injection attack. We were aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit.”