Free speech social network Gab has been hacked, with over 70GB of public posts, private posts, and hashed passwords compromised in the breach.
According to WIRED, which was given a sample of the hacked data by the group DDoSecrets, the hacked data contains all of Gab’s public posts and profiles (except for photos and videos that were uploaded to Gab), many private posts, hashed user passwords, and plain text group passwords.
In total, DDoSecrets claims that “70GB of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups in SQL format, along with over 70,000 messages in more than 19,000 chats with over 15,000 users in plaintext format” were stolen.
“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” DDoSecrets co-founder Emma Best told WIRED.
WIRED added that the hashed passwords of former President Donald Trump, Congresswoman Marjorie Taylor Greene, MyPillow CEO Mike Lindell, and Infowars founder and host Alex Jones were included in the hacked data.
DDoSecrets claims it was given the data by a “hacktivist who self-identifies as ‘JaXpArO and My Little Anonymous Revival Project.’” The hacker reportedly siphoned data out of Gab’s backend databases via an SQL injection vulnerability in the site, a class of web bug in which text entered into an input field is interpreted as part of a query against the site’s backend SQL database.
Gab CEO Andrew Torba wrote that the company was “aware of a vulnerability in this area and patched it last week” and that Gab is “proceeding to undertake a full security audit.”
“We collect very little personal data so that, in the event of a data breach, the effect on our users will be minimized,” Torba added. “As we learn more about this alleged breach, we will notify the community publicly with our findings as required by law.”
In a follow-up post, Torba wrote that his account and Trump’s account had been compromised and that Gab is “working with our partners in law enforcement on this issue.”
“The entire company is all hands investigating what happened and working to trace and patch the problem. As we learn more I will keep you posted.”
According to DDoSecrets and WIRED, the hacker stole the data “in an effort to expose the platform’s largely right-wing users” and left the note “FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA” in one of the hacked files. Best added that the hacker wants to “represent the nameless struggling masses against capitalists and fascists.”
DDoSecrets told WIRED that it won’t be releasing the data publicly but it will “selectively share it with journalists, social scientists, and researchers.” DDoSecrets and WIRED added that they had “not attempted to crack any of the hashed passwords or tested any of the plaintext passwords in the hacked data.”