The social network Gab, which is popular with right-wing extremists, apparently did not adequately protect the data of its users: 70 gigabytes of data are said to have leaked from the platform in a hack. This was announced by the activist group “DDoSecrets”, which now wants to make the data set accessible to the media and researchers under the name “GabLeaks”.
The data includes public and private posts, user profiles and 70,000 private messages, as the group announced on its website. “This is another gold mine for researchers who investigate the militias, neo-Nazis, the extreme right, QAnon and the events around January 6th,” said Emma Best, one of the senior members of DDoSecrets to the magazine “Wired”. The trade journal first reported on the data leak and, according to its own information, was able to view part of the data set in advance.
In the United States in particular, numerous prominent right-wing extremists and right-wing extremists have an account on Gab that works similarly to Twitter. The site acts as an alternative platform for users who have been blocked on other networks and played a role in the storming of the Capitol on January 6th. Gab has long been positioned as a right-wing alternative and tried to lure Donald Trump to the side after he was banned from Twitter.
The alternative platform Parler, which is also popular with right-wing extremists, had previously been the victim of a leak. A hacker had succeeded in stealing and bundling a large amount of data; she put the record online. The Parler leak revealed how users of the alternative network penetrated the Capitol on January 6 and were there during the storm.
“You can see how the use of Gab skyrocketed when Parler went offline and right-wing extremist groups needed a new platform,” writes a member of DDoSecrets to SPIEGEL. Statistics on the organization’s website show that there were numerous new registrations to Gab immediately after Parler’s early termination in January.
Gab boss confirms security vulnerability and reacts with insults
In a blog post, company boss Andrew Torba said that they were investigating reports of a security vulnerability. Torba confirmed that his Gab account had been compromised and that there was a security vulnerability on Gab that enabled a so-called SQL injection. Such relatively widespread and frequently exploited vulnerabilities allow large amounts of data to be downloaded. Emma Best had explained to Wired that in the case of the gab hack too, such a vulnerability was exploited to gain access to the data.
Andrew Torba also attacked the activist group in an online post with savage insults. DDoSecrets acts like a kind of alternative to the WikiLeaks disclosure platform. The group has repeatedly released confidential data that may be relevant to the public. Since the “GabLeaks” also contain private messages and passwords, the current data set is not made publicly available for download, but only shared with certain partners, the group explained.
A DDoSecrets member emphasized on request that the organization was of course not responsible for the hack itself. The data set was obtained from an anonymous source called »JaXpArO«. “Source protection is of the utmost importance to us,” emphasized the member on request.