CEO and co-founder of social media platform Gab said the site had suffered a data breach. WIRED reported that the far-right platform had more than 70 gigabytes of data, and 40 million posts, leaked by a hacktivist who self-identifies as "JaXpArO and My Little Anonymous Revival Project."
Gab became increasingly popular after Twitter banned Donald Trump's account from his platform, and specially after Parler was hacked and went offline, and users migrated to the platform. According to WIRED, the hacktivist siphoned that data out of Gab's backend databased in an effort to expose the far-right platform users, mostly comprised of promoters of former president Trump's election-stealing conspiracies, large numbers of Qanon conspiracy theorists, white nationalists, and other right-wing users.
Emma Best, DDoSecrets cofounder, reports the hacked data includes all of Gab's public posts and profiles, except photos and videos uploaded to the site, and private group and private individual account posts and messages, and user passwords and group passwords. DDoSecrets will not be publicly releasing the data due to its "sensitivity and the vast amounts of private information it contains. Vast amounts of private information it contains. Instead the group says it will selectively share it with journalists, social scientists, and researchers," WIRED reports.
The hacker says that they exfiltrated Gab's data via a SQL injection vulnerability in the site — a common web hacking technique, which consists of insertion or “injection” of a SQL query via the input data from the client to the application.
According to WIRED, among the users whose hashed passwords appeared to be included in the data were those for Donald Trump, Republican congresswoman and QAnon-conspiracy theorist Marjorie Taylor Greene, MyPillow CEO and election-conspiracy theorist Mike Lindell, and disinformation-spouting radio host Alex Jones.
Though the hacktivist references to an "Anonymous Revival Project," they are not associated with the Anonymous group, but they want to "represent the nameless struggling masses against capitalists and fascists," WIRED says.
Alec Alvarado, Threat Intelligence Team Lead at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, says, “Hacktivism usually involves a quick claim for an attack; this is done to draw attention to their movement. Hence why defacement or DDoS is so popular in hacktivist attacks.”
Andrew Barratt, Managing Principal, Solutions and Investigations at Coalfire, a Westminster, Colorado-based provider of cybersecurity advisory services, says, "It’s an interesting case of ‘hacktivism’ that could put the DDoS Secrets team in an interesting position politically in the future. One only has to look at the treatment of Ed Snowden and Julian Assange to see how that could work out long term. It is yet another victim in the online war."
Barratt explains, "Hacktivism has been around since the birth of the internet with attacks on political parties around the world, as well as corporations that have fallen foul of their own transparency goals. In the old days a webpage would be defaced, or made to be self satire. Now denial of service attacks and data drops are the preferred weapon to get the attention of those in charge. It is definitely here to stay, in one evolved form or another."
Barratt adds, "I think the level of data alleged to be stolen is down to accurate and it’s likely that a prolonged compromise took place. Gabs’ reaction appears to have been very defensive at first, which is not an uncommon response. For many a data breach can carry the same five stages as grief. If it was a simple SQL injection attack that was used to haul data from them, they really need to take a prolonged look at their security posture as well as perhaps consider themselves a more likely target for other attacks in future. This will inevitably lead to them needing a more focused defense to try to mitigate these kind of threats in the future.”