Hackers steal 70GB of data from far-right social network Gab

Gab splash screen on a smartphone

Far-right social network Gab is investigating the alleged theft of 70GB of data containing over 40 million posts from its website.

The hacking group Distributed Denial of Secrets (DDoSecrets) reported the incident on Sunday. The person said to have taken the information goes by JaXpArO and the My Little Anonymous Revival Project. According to DDoSecrets, the data contains public and private posts, along with hashed user passwords, direct messages, and plain text passwords for groups. It also contains over 70,000 messages from over 19,000 chats.

DDoSecrets claimed no responsibility for the hack and said it’s merely reporting it and distributing information to the appropriate parties. It’s also limiting its distribution to journalists and researchers.

The hacker retrieved the information via a SQL injection attack, in which an attacker enters commands in the SQL injection language to an online form or via URL parameters. These attacks, which are part of a general injection attack class listed as the No. 1 form of web application attack by the Open Source Web Application Security Project (OWASP), and attackers have been exploiting them for over a decade.

"We were aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit," said Gab CEO Andrew Terba in a blog post about the incident. "We do not currently have independent confirmation that such a breach has actually taken place and are investigating."

Terba added that while the company hashes passwords, it doesn't encrypt them in groups, where passwords "are meant to be shared for users to join with.” The site no longer supports direct messaging functionality, he said.

Gab is an extreme far-right social network launched in May 2017. Paypal, GoDaddy, and Medium all banned Gab after one of its members posted an antisemitic message on the site before killing 11 people at a synagogue in October. Its hosting provider Joyent also booted the site from its servers. Gab later found a home with hosting service Epik.

DDoSecrets posted some analysis of the Gab data and found a marked rise in new Gab users just after Amazon kicked conservative social network Parler off its servers. New users jumped from a little under 50,000 on January 8 to around 450,000 on January 10, the figures show. Parler also suffered a hack in January, and the lone attacker exfiltrated 70 TB of data.

DDoSecrets is a successor to the secrets-leaking site Wikileaks. Active since 2018, DDoSecrets gained notoriety last June for BlueLeaks, the publication of US law enforcement officers’ data.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.