The founder of the far-right social media site Gab said former President Donald Trump’s private account was among the data stolen and released publicly by hackers who breached the site recently.
In a statement on Sunday, founder Andrew Torba used a transphobic slur to refer to Emma Best, co-creator of Distributed Denial of Secrets. The statement confirms the WikiLeaks group’s claims done on Monday that he obtained 70GB of passwords, private posts, and more from Gab and made them available to select researchers and journalists. The data, which is better said, was provided by a number of hackers who violated Gab by exploiting a SQL-injection vulnerability in its code.
“My account and Trump’s account were hacked, so as Trump was about to go on stage and speak,” Torba wrote on Sunday as Trump was about to speak at the CPAC conference in Florida. “Every company on all hands is investigating what happened and working to find and patch the problem.”
An important data set
GabLeaks, as DDoSecrets is calling the leak, comes nearly eight weeks after pro-Trump protesters stormed the US Capitol. Terrorists took hundreds of videos and photos of the riot and posted them online. The main social networking sites remove much of the content because it violates their terms of service.
“Gab data is an important, but complex data base,” DDoSecrets staff wrote in a post on Monday morning. “In addition to being a corpus of public discourse on Gab, it includes all private posts and many private messages, as well. In a simpler or more ordinary time, it will be an important sociological tool. In 2021 , it is also a record of the culture and the facts surrounding not only the increase in extremist views and actions, but the movement.”
Gab and a competing site called Parler are some of the last safe havens that allow much of the content to be public. Amazon and other web hosting providers later pointed out the lack of proper content moderation in hosting service to Parler.
Shortly before the shutdown, however, someone found a way to use Parler’s publicly available programming interfaces to remove about 99 percent of user content from the site and then make it publicly available.
While law enforcement agencies may have other ways to obtain Parler data, its public availability allows a much wider group of people to conduct their own research and investigations. The leak is especially important because of the metadata that is often leaked before users can download videos and images. The metadata gives people the ability to track the exact times and locations of the participants photographed.
DDoSecrets says the 70GB GabLeaks contains more than 70,000 classified messages in more than 19,000 chats by more than 15,000 users. The leak also showed passwords that were “hashed,” a cryptographic technique that turns plain text into unintelligible characters. While hashes cannot be converted back to plain text, breaking them can be trivial when websites choose weak hashing schemes. (Better than Ars, they don’t know what hashing is used.) The link also includes plaintext passwords for user groups.
A place of hate speech
Gab has long been criticized as a haven for hate speech. In 2018, Google banned the Gab app from the Play Store for copyright infringement. A year later, web host GoDaddy terminated service to Gab after one of its users took to the site to criticize the Hebrew Immigrant Aid Group shortly before the killing of 11 people in a Pittsburgh synagogue.
Gab has also been investigated by the Pennsylvania attorney general. In January, the Anti-Defamation League sued the US Department of Justice study Gab for his role in the insurrectionist attack on the Capitol.
Attempts to reach Torba for comment were unsuccessful.
Best said that DDoSecrets is making GabLeaks available only to journalists and researchers with a history of covering up leaks. People can use it this link to request access.