When Twitter was banned Donald Trump and a large number of far-right users in January, many of whom became digital refugees, migrating to places like Parler and Gab to find a home that would not moderate hate speech and misinformation. Days later, Parler was hacked and then abandoned by Amazon’s web hosting, leaving the site offline. Now, Gab, who inherited some of Parler’s displaced users, has also been heavily hacked. A huge amount of content has been stolen, including those that look like passwords and private communications.
Sunday night, the WikiLeaks Distributed Denial of Secrets style group unveils what it calls “GabLeaks,” a collection of more than 70 gigabytes of Gab data representing more than 40 million posts. DDoSecrets says a hacktivist who identifies himself as “JaXpArO and My Little Anonymous Revival Project” removed this data from Gab’s databases in an attempt to expose users to much of the platform. These Gab bosses, who have increased their numbers after Parler switched to the connection, include a large number of Qanon conspiracy theorists, white nationalists and promoters of former President Donald Trump’s election theft conspiracies. which caused the January 6 riot on Capitol Hill.
DDoSecrets co-founder Emma Best says the hacked data includes not only all of Gab’s posts and public profiles, with the exception of photos or videos posted on the site, but also posts and messages from private accounts and private groups. , as well as user passwords. and group passwords. “It contains almost all of Gab’s content, including user data and private posts, everything anyone needs to do an almost complete analysis of Gab’s users and content,” Best wrote in a text message interview with WIRED. “It’s another research gold mine for people looking at militias, neo-Nazis, the far right, QAnon and everything around January 6.”
DDoSecrets says it does not publicly publish the data because of its sensitivity and the large amount of private information it contains. Instead, the group says it will selectively share it with journalists, social scientists and researchers. WIRED saw a sample of the data and appears to contain individual and group profiles of Gab users (their descriptions and privacy settings), private posts, and passwords. Andrew Torba, CEO of Gab, acknowledged the gap in a brief statement on Sunday.
Passwords for private groups are not encrypted, which Torba says the platform discloses to users when they create one. Individual user account passwords appear to be cryptographically summarized (a protection that can help prevent them from being compromised), but the level of security depends on the summary scheme used and the strength of the underlying password.
Users who seemed to have their passwords included included those of Donald Trump, Republican Congresswoman and QAnon conspiracy theorist Marjorie Taylor Greene, CEO of MyPillow, and election conspiracy theorist Mike Lindell, and radio host Alex Jones.
The hacked data also includes a chatlogs.txt file that appears to contain private conversations between users of the site. The contents of this file begin with an added note from JaXpArO: “FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA”.
According to DDoSecrets’ Best, the hacker said they removed Gab’s data using a SQL injection vulnerability in the site, a common web bug in which a text field in a site does not differentiate between user and site code commands. , allowing a hacker to access and intervene in their SQL database. Despite the hacker’s reference to an “Anonymous Revival Project,” they are not associated with the Anonymous hacker collective, they told Best, but they do “want to represent the anonymous masses fighting capitalists and fascists.”
WIRED turned to Gab for comment Friday and offered you what we had learned about the nature of the site’s data breach. The company’s CEO, Andrew Torba, responded in a public statement on the company’s blog that “journalists, who write for a publication that has written many publications about Gab in the past, are in direct contact with the pirate and essentially help the hacker in his efforts to take our business off and hurt you, our users. ” (WIRED has had no direct contact with hackers, to our knowledge, only DDoSecrets).
In response to WIRED’s mention of a SQL injection vulnerability, Torba’s initial statement stated that “we were aware of a vulnerability in this area and fixed it last week. We are also proceeding with a security audit. complete “. The message went on to indicate that Gab does not collect personally identifiable information from its users, such as phone numbers, Social Security numbers, dates of birth, or financial and health information. “The DMs were only posted for a few weeks and are currently no feature compatible with the site, so if there has in fact been an infringement on this domain, we expect the number of affected accounts to be low,” he said. add Peat. “As we learn more about this alleged breach, we will publicly notify the community of our findings as required by law.”