Summary List Placement
A hacker has reportedly compromised private messages from 15,000 users on Gab, the right-wing social-media site that has boomed in popularity following January’s Capitol siege.
This is on top of user profiles, hashed passwords for some users, passwords for groups, and more than 70,000 private messages. Data-transparency group Distributed Denial of Secrets (DDoSecrets) said it would share this data with select researchers and journalists.
“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” Emma Best, who cofounded DDoSecrets, told Wired.
“It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6.”
Gab CEO Andrew Torba said that “mentally ill t***** demon hackers” were “attacking” the site, and used a transphobic slur. Torba’s own account, as well as that of former president Donald Trump, were among those compromised, Torba said.
However, Vice reported that the account in Trump’s name was actually created by Torba in 2016 to boost the site’s popularity, and isn’t used by Trump himself.
Gab was founded in August 2016 by Torba, who touts it as a vehicle for free speech. The site has reported massive growth in the aftermath of January’s Capitol siege, as other social-media sites cracked down on posts inciting violence and Parler, another right-wing network, went offline.
70 GB of data siphoned from Gab
The “hacktivist,” known as “JaXpArO and My Little Anonymous Revival Project,” hacked the site to expose its right-wing users, Wired reported. According to DDoSecrets, they siphoned 70 GB of data. Because of privacy concerns associated with the data, DDoSecrets said it was only offering the data to journalists and researchers.
“In a simpler or more ordinary time, it’d be an important sociological resource,” DDoSecrets wrote on its website. “In 2021, it’s also a record of the culture and the exact statements surrounding not only an increase in extremist views and actions, but an attempted coup.”
Gab initially responded to Wired’s request for comment by saying that it didn’t have independent confirmation of the data breach, and added that it collected “very little” personal information from users.
“It is entirely possible for a user of the site to be unidentifiable based on the information they provide at login,” Torba wrote in a blog post Friday.
“If the alleged breach has taken place as described, your passwords have not been revealed,” he added. Passwords for groups aren’t encrypted, and this information is shared with users when they create a group, he said.
But on Sunday, after Wired’s full article and DDoSecrets’ webpage on the hack were released, Torba tweeted that the social-media app was being attacked by hackers. Gab was investigating, he said.
Insider has contacted Gab for comment.
Do you have a tip you want to share? Contact Grace Dean via email (firstname.lastname@example.org). Always use a nonwork email.