Far-Right Platform Gab Has Been Hacked—Including Private Data

 This article is thanks to patriot6

The incident comes weeks after far-right platform Parler was hacked just prior to being knocked offline.

WHEN TWITTER BANNED Donald Trump and a slew of other far-right users in January

, many of them became digital refugees, migrating to sites like Parler and Gab to find a home

 that wouldn't moderate their hate speech and disinformation. Days later, Parler was hacked,

 and then it was dropped by Amazon web hosting, knocking the site offline. Now Gab, 

which inherited some of Parler's displaced users, has been badly hacked too. An enormous 

trove of its contents has been stolen—including what appears to be passwords and private 

communications.

On Sunday night the WikiLeaks-style group Distributed Denial of Secrets is revealing what 

it calls GabLeaks, a collection of more than 70 gigabytes of Gab data representing more than

 40 million posts. DDoSecrets says a hacktivist who self-identifies as "JaXpArO and My 

Little Anonymous Revival Project" siphoned that data out of Gab's backend databases in an 

effort to expose the platform's largely right-wing users. Those Gab patrons, whose numbers 

have swelled after Parler went offline, include large numbers of Qanon conspiracy theorists,

 white nationalists, and promoters of former president Donald Trump's election-stealing 

conspiracies that resulted in the January 6 riot on Capitol Hill.

DDoSecrets cofounder Emma Best says that the hacked data includes not only all of Gab's 

public posts and profiles—with the exception of any photos or videos uploaded to the site—

but also private group and private individual account posts and messages, as well as user 

passwords and group passwords. "It contains pretty much everything on Gab, including user 

data and private posts, everything someone needs to run a nearly complete analysis on 

Gab users and content," Best wrote in a text message interview with WIRED. "It's another 

gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and 

everything surrounding January 6."

DDoSecrets says it's not publicly releasing the data due to its sensitivity and the vast amounts

 of private information it contains. Instead the group says it will selectively share it with 

journalists, social scientists, and researchers. WIRED viewed a sample of the data, and it 

does appear to contain Gab users' individual and group profiles—their descriptions and 

privacy settings—public and private posts, and passwords. Gab CEO Andrew Torba 

acknowledged the breach in a brief statement Sunday.

Passwords for private groups are unencrypted, which Torba says the platform discloses to 

users when they create one. Individual user account passwords appear to be 

cryptographically hashed—a safeguard that may help prevent them from being 

compromised—but the level of security depends on the hashing scheme used and the 

strength of the underlying password.



Among the users whose hashed passwords appeared to be included in the data were those for

 Donald Trump, Republican congresswoman and QAnon-conspiracy theorist Marjorie Taylor

 Greene, MyPillow CEO and election-conspiracy theorist Mike Lindell, and 

disinformation-spouting radio host Alex Jones.


The hacked data also includes a chatlogs.txt file that appears to contain private conversations

 between the site's users. That file's contents begin with an added note from JaXpArO: 

"FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA."

According to DDoSecrets' Best, the hacker says that they pulled out Gab's data via a SQL 

injection vulnerability in the site—a common web bug in which a text field on a site doesn't

 differentiate between a user's input and commands in the site's code, allowing a hacker to 

reach in and meddle with its backend SQL database. Despite the hacker's reference to an 

"Anonymous Revival Project," they're not associated with the loose hacker collective 

Anonymous, they told Best, but do "want to represent the nameless struggling masses 

against capitalists and fascists."

WIRED reached out to Gab for comment Friday, offering to share what we'd learned about 

the nature of the site's data breach. The company's CEO, Andrew Torba, responded in a 

public statement on the company's blog that "reporters, who write for a publication that has

 written many hit pieces on Gab in the past, are in direct contact with the hacker and are 

essentially assisting the hacker in his efforts to smear our business and hurt you, our users."

 (WIRED has had no direct contact with the hackers, to our knowledge, only DDoSecrets.)


“It's another gold mine of research for people looking at militias, neo-Nazis, the far right, 

QAnon and everything surrounding January 6.”

EMMA BEST, DDOSECRETS

Responding to WIRED's mention of a SQL injection vulnerability, Torba's initial statement 

noted that “we were aware of a vulnerability in this area and patched it last week. We are 

also proceeding to undertake a full security audit.” The post went on to state that Gab doesn't

 collect personally identifiable information from its users such as telephone numbers, Social 

Security numbers, birth dates, or health and financial information. “DMs were only live for a

 few weeks and are not currently a feature supported by the site, so if a breach has in fact 

occurred in that domain we expect the number of affected accounts to be low,” Torba added.

 “As we learn more about this alleged breach, we will notify the community publicly with our findings 

as required by law.”

Torba did not confirm that a security breach had occurred in his Friday statement. 

But in a follow-up on Sunday, Torba used a transphobic slur to insult the hackers "attacking"

 the site and added that both his and Donald Trump's accounts had been "compromised."

 (DDoSecrets was careful to note to WIRED that it has not attempted to crack any of the 

hashed passwords or tested any of the plaintext passwords in the hacked data. WIRED hasn't either.)

“The entire company is all hands investigating what happened and working to trace and 

patch the problem,” Torba wrote Sunday.

Gab is the second far-right social media site to be deeply hacked in as many months. 

Following the Capitol Hill riot in January, other hacktivists used a simple security flaw in

 the bustling social media site Parler to download all of its public contents, including the 

location data embedded in every photo and video Parler users had posted. That Parler data, 

which placed several users at Capitol Hill on January 6, was preserved by the Internet 

Archive and also made available by DDoSecrets.

When Amazon booted Parler from its hosting service in January, many of the site's users 

flocked to Gab. But until now, hacktivists have had a hard time downloading public Gab 

posts as they did with Parler, says Max Aliapoulios, a graduate researcher at the New York 

University Center for Cybersecurity, with whom DDoSecrets has shared a copy of the 

hacked Gab data. Due mostly to Gab's instability and frequent downtime, Aliapoulios found

 that he couldn't easily use an automated tool to scrape the site.


Aliapoulios, cocreator of the Social Media Analysis Toolkit, a project that analyzes online 

communities, argues that the leak of non-private data from Gab will serve a public interest. 

"This is all of Gab, and we didn't have to even run a crawler to get it," Aliapoulios says.

The data, he says, could offer a window into how users migrate from one service to another 

when facing bans or deplatforming and could even serve to help build tools to keep Gab's

 hate speech and disinformation from spreading to other sites. "There's so much hate, 

harassment, racism, neo-Nazism that occurs on a site like that," Aliapoulios says, "that 

having a record of that could help develop ways to automatically detect that type of 

content so that other places that don't allow it can remove it."

The Gab hack is just the latest in a recent string of apparent "hacktivist" breaches, many of 

which have ended with DDoSecrets publishing reams of stolen data, or making it privately 

available to journalists and researchers. DDoSecrets has also recently released hundreds of 

gigabytes of information a hacker took from corporations in Myanmar following the 

military coup there earlier this month. Over the summer, DDoSecrets rose to prominence 

with a massive leak of law enforcement data stolen by a hacker associated with 

Anonymous, which DDoSecrets dubbed BlueLeaks. And last month it controversially began

 publishing collections of corporate data stolen and leaked by ransomware hackers after 

their victims refused to to pay.

Compared with those ransomware leaks, DDoSecrets' decision to only privately share Gab's 

data may represent a lighter touch. DDoSecrets' Best argues that this approach minimizes

 the violation of innocent Gab users' privacy. "Journalists and researchers aren't going to be 

doing deep dives into people who only post about their kids' ballet recital and pictures of 

their pets," Best writes.

But given that other parts of the leak may go well beyond those personal details—and even 

offer insights into the January 6 Capitol riot, Best argues that Gab's data deserves scrutiny. 

"In a simpler or more ordinary time, it'd be an important sociological resource," Best writes.

 "In 2021, it's also a record of the culture and the exact statements surrounding not only an 

increase in extremist views and actions, but an attempted coup."

Far-Right Platform Gab Has Been Hacked—Including Private Data | WIRED