Remember when archivists collected every post on the conservative social media platform Parler earlier this year?
A similar thing just happened to another right-wing online platform, Gab, as hackers claim to have broken into the social media site. But this intrusion is even worse.
On Sunday, a hacktivist collective known as Distributed Denial of Secrets (DDoSecrets) announced “GabLeaks,” over 40 million posts that the hackers claim they pulled from the platform. The archive doesn’t just include public profiles and posts, it also includes posts and messages from private accounts, private groups, group passwords, and some hashed user passwords.
The entire leak is made up of more than 70 gigabytes of data, and was provided to DDoSecrets by a hacker that goes by “JaXpArO and My Little Anonymous Revival Project.”
“It contains pretty much everything on Gab…everything someone needs to run a nearly complete analysis on Gab users and content,” said DDoSecrets co-founder Emma Best in a statement to WIRED, which first reported on the hack. “It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6.”
Gab is a social network known for hosting extremists. Its user base is widely seen as even being more far-right than Parler’s.
Andrew Torba, the founder and CEO of Gab, originally denied it collected such data and questioned the legitimacy of the breach as word spread about the potential leaks over the weekend. Torba has since amended his statement, labeling DDoSecrets as “demon hackers” (among other transphobic slurs), and claims the company has now involved law enforcement.
In many ways, this hack is much larger than what the archivists were able to pull from Parler. The poorly coded site — which just came back online a few weeks ago after getting booted off Amazon’s hosting service — had an exploit. The vulnerability, which one developer uncovered, allowed them to easily scrape all the data from the platform via public links.
Gab, however, was actually breached. Best tells WIRED that hackers discovered an SQL injection vulnerability on the platform, which provided them access to the site’s backend database. However, unlike Parler, the hackers were unable to pull photos and video from Gab.
When Parler’s data was pulled earlier this year, the trove of information provided a look into the Jan. 6 insurrection that wasn’t available anywhere else on mainstream social media websites. After Parler was taken offline in January, many of its users migrated to Gab. It’s possible that there’s even more to be uncovered about Jan. 6 in these GabLeaks.
Due to the “sensitivity” of the data, DDoSecrets will not be marking the leaks public. However, the group will be providing legitimate researchers and journalists with access to the data by request.