Free speech social network Gab has been hacked with over 70GB worth of public posts, private posts, and hashed passwords being compromised in the breach.
According to WIRED, which was given a sample of the hacked data by the group DDoSecrets, the hacked data contains all of Gabโs public posts and profiles (except for photos and videos that were uploaded to Gab), many private posts, hashed user passwords, and plain text group passwords.
In total, DDoSecrets claims that โ70GB of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups in SQL format, along with over 70,000 messages in more than 19,000 chats with over 15,000 users in plaintext formatโ were stolen.
โIt contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,โ DDoSecrets co-founder Emma Best told WIRED.
WIRED added that the hashed passwords of former President Donald Trump, Congresswoman Marjorie Taylor Greene, MyPillow CEO Mike Lindell, and Infowars founder and host Alex Jones were included in the hacked data.
DDoSecrets claims it was given the data by a โhacktivist who self-identifies as โJaXpArO and My Little Anonymous Revival Project.'โ The hacker reportedly siphoned data out of Gabโs backend databases via an SQL injection vulnerability in the site โ a web bug that allows a text field to be used to meddle with a siteโs backend SQL database.
Gab CEO Andrew Torba wrote that the company was โaware of a vulnerability in this area and patched it last weekโ and that Gab is โproceeding to undertake a full security audit.โ
โWe collect very little personal data so that, in the event of a data breach, the effect on our users will be minimized,โ Torba added. โAs we learn more about this alleged breach, we will notify the community publicly with our findings as required by law.โ
In a follow-up post, Torba wrote that his account and Trumpโs account had been compromised and that Gab is โworking with our partners in law enforcement on this issue.โ
โThe entire company is all hands investigating what happened and working to trace and patch the problem. As we learn more I will keep you posted.โ
According to DDoSecrets and WIRED, the hacker stole the data โin an effort to expose the platformโs largely right-wing usersโ and left the note โFUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKAโ in one of the hacked files. Best added that the hacker wants toโrepresent the nameless struggling masses against capitalists and fascists.โ
DDoSecrets told WIRED that it wonโt be releasing the data publicly but it will โselectively share it with journalists, social scientists, and researchers.โ DDoSecrets and WIRED added that they had โnot attempted to crack any of the hashed passwords or tested any of the plaintext passwords in the hacked data.โ
