IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers steal 70GB of data from far-right social network Gab

The stolen data contains nearly 100,000 private messages from Gab users

Gab splash screen on a smartphone

Far-right social network Gab is investigating the alleged theft of 70GB of data containing over 40 million posts from its website.

The hacking group Distributed Denial of Secrets (DDoSecrets) reported the incident on Sunday. The person said to have taken the information goes by JaXpArO and the My Little Anonymous Revival Project. According to DDoSecrets, the data contains public and private posts, along with hashed user passwords, direct messages, and plain text passwords for groups. It also contains over 70,000 messages from over 19,000 chats.

DDoSecrets claimed no responsibility for the hack and said it’s merely reporting it and distributing information to the appropriate parties. It’s also limiting its distribution to journalists and researchers.

The hacker retrieved the information via a SQL injection attack, in which an attacker enters commands in the SQL injection language to an online form or via URL parameters. These attacks, which are part of a general injection attack class listed as the No. 1 form of web application attack by the Open Source Web Application Security Project (OWASP), and attackers have been exploiting them for over a decade.

"We were aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit," said Gab CEO Andrew Terba in a blog post about the incident. "We do not currently have independent confirmation that such a breach has actually taken place and are investigating."

Terba added that while the company hashes passwords, it doesn't encrypt them in groups, where passwords "are meant to be shared for users to join with.” The site no longer supports direct messaging functionality, he said.

Gab is an extreme far-right social network launched in May 2017. Paypal, GoDaddy, and Medium all banned Gab after one of its members posted an antisemitic message on the site before killing 11 people at a synagogue in October. Its hosting provider Joyent also booted the site from its servers. Gab later found a home with hosting service Epik.

DDoSecrets posted some analysis of the Gab data and found a marked rise in new Gab users just after Amazon kicked conservative social network Parler off its servers. New users jumped from a little under 50,000 on January 8 to around 450,000 on January 10, the figures show. Parler also suffered a hack in January, and the lone attacker exfiltrated 70 TB of data.

DDoSecrets is a successor to the secrets-leaking site Wikileaks. Active since 2018, DDoSecrets gained notoriety last June for BlueLeaks, the publication of US law enforcement officers’ data.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021
A third of UK workers are surveilled by employers
privacy

A third of UK workers are surveilled by employers

8 Nov 2021
Facebook's Oversight Board demands more transparency
social media

Facebook's Oversight Board demands more transparency

21 Oct 2021
Senators urge FTC to enforce child privacy laws
privacy

Senators urge FTC to enforce child privacy laws

8 Oct 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Microsoft says it's provided over $100 million in tech support to Ukrainian government
cyber attacks

Microsoft says it's provided over $100 million in tech support to Ukrainian government

20 May 2022