In total, DDoSecrets has leaked 70 GB worth of sensitive data belonging to registered Gab users.
Note: Article has been corrected/edited with additional information – The previous version mistakenly attributed the hack to DDoSecrets.
DDoSecrets, a group of hacktivists has leaked a massive trove of data belonging to Gab.com. Gab is a right-wing social network platform claiming to offer “freedom of speech” with no censorship whatsoever.
It is worth noting Gab is described as a haven for extremists including white supremacists, neo-Nazis, white nationalists, the alt-right, and QAnon conspiracy theorists.
On February 26th,2020, Gab.com published a blog post in which the company addressed hacking-related rumors and denied that it has suffered a data breach.
The company then went offline mysteriously for a short period of time a week ago and insisted that there was some issue with Bitcoin wallet spam which affected only a few accounts.
Gab’s CEO Andrew Torba claimed that they were contacted by reporters who talked about an alleged data breach that may have leaked an archive of posts, DMs, profiles, and hashed passwords.
Torba continued to take a stance where he defended the company and said that there was no independent confirmation of a breach that took place and also claimed that their site does not collect much personal information about its users anyway.
They then proceeded to deflect the blame by accusing unnamed reporters of working with hackers to smear its reputation. Torba admits the site is aware that it had a vulnerability to an SQL injection attack and a flaw that they patched last week, followed by a security audit that is still going on.
DDoSecrets obtained data from hacktivists
The group that claimed responsibility for the attack goes by the name of DDoSecrets. The group’s founder Emma Best calls themselves WikiLeaks-like transparency or hacktivists group instead of hackers.
“DDoSecrets says a hacktivist who self-identifies as “JaXpArO and My Little Anonymous Revival Project” siphoned that data out of Gab’s backend databases in an effort to expose the platform’s largely right-wing users,” Wired reported.
As seen by Hackread.com, it can be confirmed that DDoSecrets has leaked 70 GB of data under the title of “GabLeaks.” The leak includes 70 GB of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups.
70 GB of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups in SQL format, along with over 70,000 messages in more than 19,000 chats with over 15,000 users in plaintext format, the group mentions on its site.
On Twitter, Best was asked if Gab’s data includes Capitol insurrection videos/pics? In response, Best added that “No, but a University could easily use the data to retrieve media uploaded to Gab.”
Previous leaks by DDoSecrets
Initially, DDoSecrets started leaking a trove of data back in November 2019. Their first known data leak belonged to The Cayman National Bank when 2TB of its data was leaked online.
In June 2020, the same group started an operation dubbed BlueLeaks and dumped 296 GB worth of data from over 200 police departments and Fusion centers in the United States. The leak was upsetting for authorities and forced German police to seize DDoSecrets’ servers hosted in Zwickau, Germany.
Gab, right-wing and bans
Gab, on the other hand, is a right-wing “free speech” social network and they claim to uphold the first amendment of the US Constitution and by allowing all forms of political speech on their platform with the exception of illegal activity, threats of violence, doxxing, pornography, child exploitation, and spams.
Furthermore, they are against any sort of censoring which is why they are also banned from more than twenty-five service providers over the years including both App Stores, payment processors, hosting providers, and even VISA.