Gab: Right-wing social network hacked with posts, passwords, and private messages revealed

Over 40 million posts were leaked from the site

Adam Smith
Monday 01 March 2021 14:45 GMT
Comments
(Adam Smith / The Independent)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Gab, the social media platform popular with right-wing online commentators, has been hacked, with passwords and private communication leaking.

The “GabLeaks” hack contains more than 70GB of data taken from the social media site, including over 40 million posts.

The organisation that is revealing the information, Distributed Denial of Secrets, told Wired that a hacktivist called “JaXpArO and My Little Anonymous Revival Project” took the data out of the site’s backend database.

The hack apparently contains all of Gab’s public posts and profiles, private group messages, user passwords, and group passwords. It does not contain any photos or videos uploaded to the site.

Some of the prominent members whose passwords appear to be available include Donald Trump, QAnon-conspiracy theorist and congresswoman Marjorie Taylor Greene, and broadcaster Alex Jones.

The data will not be released due to its sensitivity, but will be provided to journalists and researchers. Wired has apparently viewed the data, and it appears to be valid. The Independent has contacted DDoSecrets for a copy.

“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” DDoSecrets cofounder Emma Best told Wired.

“It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything surrounding January 6.”

The hack apparently took place using an SQL injection vulnerability, which is when a website does not differentiate between user input and the site’s code.

In a statement published Andrew Torba, Gab’s CEO, said that it was “aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit.”

A few days later, Torba claimed that both his account and Donald Trump’s accounts were compromised. DDoSecrets claims that no passwords had been cracked, nor had they been tested. The Independent has reached out to Gab for further comment.

Gab is not the only platform popular with right-wing users that has recently had personal information divulged. Parler, an app popular with insurrectionists who stormed Capitol Hill, inadvertently uploaded their GPS coordinates to the app which was scraped and archived by researchers.

Over 500 videos taken rioters stormed the Capitol building were arranged in chronological order and can be scrolled through by users.

DDoSecrets has also revealed vital data before - but which saw its account get banned from Twitter. The group published documents from 200 law enforcement agencies, which revealed that the FBI monitored the social media accounts of protestors and sent such information to law enforcement.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in