Far-Right Platform Gab Has Been Hacked—Including Private Data

According to DDoSecrets' Best, the hacker says that they pulled out Gab's data via a SQL injection vulnerability in the site—a common web bug in which a text field on a site doesn't differentiate between a user's input and commands in the site's code, allowing a hacker to reach in and meddle with its backend SQL database. Despite the hacker's reference to an "Anonymous Revival Project," they're not associated with the loose hacker collective Anonymous, they told Best, but do "want to represent the nameless struggling masses against capitalists and fascists."

WIRED reached out to Gab for comment Friday, offering to share what we'd learned about the nature of the site's data breach. The company's CEO, Andrew Torba, responded in a public statement on the company's blog that "reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users." (WIRED has had no direct contact with the hackers, to our knowledge, only DDoSecrets.)

“It's another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything surrounding January 6.”

Responding to WIRED's mention of a SQL injection vulnerability, Torba's initial statement noted that “we were aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit.” The post went on to state that Gab doesn't collect personally identifiable information from its users such as telephone numbers, Social Security numbers, birth dates, or health and financial information. “DMs were only live for a few weeks and are not currently a feature supported by the site, so if a breach has in fact occurred in that domain we expect the number of affected accounts to be low,” Torba added. “As we learn more about this alleged breach, we will notify the community publicly with our findings as required by law.”

Torba did not confirm that a security breach had occurred in his Friday statement. But in a follow-up on Sunday, Torba used a transphobic slur to insult the hackers "attacking" the site and added that both his and Donald Trump's accounts had been "compromised." (DDoSecrets was careful to note to WIRED that it has not attempted to crack any of the hashed passwords or tested any of the plaintext passwords in the hacked data. WIRED hasn't either.)

“The entire company is all hands investigating what happened and working to trace and patch the problem,” Torba wrote Sunday.

Gab is the second far-right social media site to be deeply hacked in as many months. Following the Capitol Hill riot in January, other hacktivists used a simple security flaw in the bustling social media site Parler to download all of its public contents, including the location data embedded in every photo and video Parler users had posted. That Parler data, which placed several users at Capitol Hill on January 6, was preserved by the Internet Archive and also made available by DDoSecrets.

When Amazon booted Parler from its hosting service in January, many of the site's users flocked to Gab. But until now, hacktivists have had a hard time downloading public Gab posts as they did with Parler, says Max Aliapoulios, a graduate researcher at the New York University Center for Cybersecurity, with whom DDoSecrets has shared a copy of the hacked Gab data. Due mostly to Gab's instability and frequent downtime, Aliapoulios found that he couldn't easily use an automated tool to scrape the site.

Aliapoulios, cocreator of the Social Media Analysis Toolkit, a project that analyzes online communities, argues that the leak of non-private data from Gab will serve a public interest. "This is all of Gab, and we didn't have to even run a crawler to get it," Aliapoulios says.

The data, he says, could offer a window into how users migrate from one service to another when facing bans or deplatforming and could even serve to help build tools to keep Gab's hate speech and disinformation from spreading to other sites. "There's so much hate, harassment, racism, neo-Nazism that occurs on a site like that," Aliapoulios says, "that having a record of that could help develop ways to automatically detect that type of content so that other places that don't allow it can remove it."

The Gab hack is just the latest in a recent string of apparent "hacktivist" breaches, many of which have ended with DDoSecrets publishing reams of stolen data, or making it privately available to journalists and researchers. DDoSecrets has also recently released hundreds of gigabytes of information a hacker took from corporations in Myanmar following the military coup there earlier this month. Over the summer, DDoSecrets rose to prominence with a massive leak of law enforcement data stolen by a hacker associated with Anonymous, which DDoSecrets dubbed BlueLeaks. And last month it controversially began publishing collections of corporate data stolen and leaked by ransomware hackers after their victims refused to to pay.

Compared with those ransomware leaks, DDoSecrets' decision to only privately share Gab's data may represent a lighter touch. DDoSecrets' Best argues that this approach minimizes the violation of innocent Gab users' privacy. "Journalists and researchers aren't going to be doing deep dives into people who only post about their kids' ballet recital and pictures of their pets," Best writes.

But given that other parts of the leak may go well beyond those personal details—and even offer insights into the January 6 Capitol riot, Best argues that Gab's data deserves scrutiny. "In a simpler or more ordinary time, it'd be an important sociological resource," Best writes. "In 2021, it's also a record of the culture and the exact statements surrounding not only an increase in extremist views and actions, but an attempted coup."

Ha ha.

UK rightwing tabloids start panicking. Big time lol

[quote] JaXpArO: "FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA."

As I suspected, this really has nothing to do with simply going after Trump supporters. One of my professional contacts on Facebook got his business page banned recently and he was a leftist who regularly compared Trump and his supporters to Nazis. I guess he figured since he had the "correct" political opinions, he would be spared. Instead, he was begging his followers for advice on how to get his business page back up and was dejected to learn that there was pretty much nothing he could do. The powers that be are using this as a pretext to target and harass anyone with anti establishment views because those opinions are a threat to their corporate backers.

Think about it, why would this information be useful for research when all the information that would be needed is already public? What purpose is there to leak private details about citizens unless your goal is to intimidate them into silence? This isn't cancel culture? This is teetering on fascism.

R5

Says the guy who routinely complains about 'SJWs' and cancel culture and defends Gina Carano.

OMG.

So, your latest obsession when I'm offline playing Mahjong Wolves by Diffrence games?

R5 Sure, Klan

R7

I want to know more lol

Bump

Take this dose of free speech, Andrew! (What's in his porn collection, btw?)

They had their data hacked once before, right?

R5 is 100% right. Things like this naturally elicit cheers because its happening to "them", but that's a very narrow sighted view. Don't think it can't happen to Datalounge.

What would they get from DL? Our payment info is with Stripe, not DL, and they'd only get a bunch of posts linked to an IP address.

"Datalounge hacked! Someone in Montauk really hates track lighting! Film at 11:00!"

r14, I don't pay