Gab, a social network also linked to the extreme was hacked and the hacker threatened to leak private messages and passwords of 15.000 users.
The Distributed Denial of Secrets group stole data covering more than 70GB from Gab which consists of more than 40 million posts on the platform.
A hacktivist identified as JaXpaRo and My Little Anonymous Revival Project boasts that he stole all that data from one of Gab’s backend databases in an effort to expose the vast majority of the platform’s users.
Gab suffers a serious hack
Emma Best, the co-founder of the DDoSecrets group, claims that the stolen data includes not only posts, but public profiles, private messages from individual accounts, user passwords, group passwords and emails. “It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content.”
It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6,” she added.
The group will not publish the full data due to its sensitivity and the large amount of private information it contains. However, selected coverage of information will be shared with journalists, scientists and researchers to track these kinds of groups. The CEO of the social network himself, Andrew Torba, has acknowledged the leak.
While the passwords of private groups were not encrypted, those of individual users did have a cryptographic hash, a protection that depends heavily on the security level of the hashing scheme and the strength of the password itself.
The hacker extracted the data through an SQL injection vulnerability, a fairly common bug on today’s websites and one that has led to the leak of numerous private data over the years.
Some of the passwords included in the leak belonged to the accounts of Donald Trump, pro-QAnon Republican Congresswoman Marjorie Taylor Greene, MyPillow CEO Mike Lindell and radio host Alex Jones.
According to what the content reveals, the users are made up of a large number of conspiracy theorists from the ultra-nationalist group Qanon, white supremacists, and promoters of Donald Trump’s voter fraud conspiracies.
Torba, meanwhile, noted that while the direct messages were compromised, they were only active for a few weeks, also assuring that Gab does not collect sensitive data from its users, such as phone numbers, dates of birth, health information, or bank details.
Gab thus joins the list of far-right services that have suffered this kind of problem in recent months after Parler. Parler was banned from numerous platforms such as Amazon, Google or Apple.
Gab became tremendously famous after it was discovered that the perpetrator of the Pittsburgh synagogue shooting, Robert Bowers, was a prolific user of Gab, as well as hosting important names within the white supremacist sector, such as Richard Spencer or Mike Cernovich.