Hacktivists "JaXpArO" and "My Little Anonymous Revival Project" have broken into the systems of Gab, the far-right social media network, by exploiting an SQL injection flaw. They stole 70 GB of data comprising 40 million public and private posts, 15,000 user profiles, hashed passwords, 70,000 direct messages, and the plaintext passwords of group admins.
Gab acknowledged the hack and claimed that its backend databases were accessed by the DDoSecrets collective, who allegedly demanded a ransom of nearly $500,000 in Bitcoin. Gab’s CEO, Andrew Torba, stated that the company will not negotiate with the infiltrators and will instead notify federal law enforcement. In reality, DDoSecrets was entrusted with the data and also shared the set with Wired to have an independent reporter confirm its validity.
The collective's main goal wasn’t to extort Gab for money but to expose information relevant to the January 6, 2021, Capitol storming event, neo-Nazi propaganda, the dissemination of baseless and dangerous QAnon theories, and any calls for far-right, racist militia action. It is an interesting move from this particular group, as DDoSecrets hasn’t demonstrated a political leaning in the past, although one of their previous leaks, “BlueLeaks,” exposed U.S. law enforcement agencies.
This data exfiltration and subsequent leak come soon after "Parler," another right-wing social media platform, had to deal with similar trouble. Many of Parler’s users migrated to Gab, so some of these people have now been exposed twice.
The goal of the “leaktivists” is to help the authorities link Gab profiles to real identities, identify everyone who was involved in the January events, and arrest and prosecute them. However, the group has clarified that the distribution of “GabLeaks” will be limited and careful to help protect the privacy of innocent Gab users.
Andrew Barratt, Managing Principal, Solutions and Investigations at Coalfire, told us:
Gab has decided to respond to the situation by calling the hackers “devils,” citing verses from the Bible and completely ignoring all technical aspects of the attack and their own failure to detect and stop it. Judging from that, it may take Gab quite some time to actually strengthen its security.