Gab has come out swinging in the wake of the data breach, with chief executive Andrew Torba releasing a controversial statement via Twitter. Gab, a social network popular among Trump supporters and the heir apparent to Parler, has suffered a serious data breach. On Sunday 28th February, online activist group Distributed Denial of Secrets, revealed it had obtained Gab data from an anti-Trump hacktivist hoping to out users of the right-wing platform. In total, around 70GB of data was stolen, including up to 40 million public and private posts circulated on the social network. Hashed user passwords and user messages are also believed to be included in the data dump. In a report first published by Wired, a hacktivist named “JaXpArO” claimed to have discovered an SQL injection bug in Gab’s website. In turn, this allowed them to access and siphon off information from Gab databases. According to Wired, the hacked data also includes a chatlogs.txt file showcasing private conversations between site users. A note, believed to be from JaXpArO, features. “FUCK TRUMP. FUCK COLONIZERS & CAPITALISTS. DEATH TO AMERIKKKA,” the note reads. DDoSecrets revealed it will circulate the leaked data. However, this will be redacted and shared only with journalists and researchers. Co-founder Emma Best told Wired the leaked information is a vital resource which could help identify individuals and/or groups involved in the storming of the US Capitol Building on 6th January. “It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” she said. “It’s another gold mine of research for people looking at militias, neo-Nazis, the far-right, QAnon and everything surrounding January 6,” Best added.
via digit.fyi: Gift of the Gab? CEO of Alt-right Social Network Publishes Tirade Following Data Breach
siehe auch: SQL-INJECTION: Rechtsextremes soziales Netzwerk Gab gehackt. Private Nachrichten und Accountdaten von Nutzern der Plattform Gab sind mit einer SQL-Injection extrahiert worden. Die Gruppe DDoSecrets verbreitet Datenleaks und hat offenbar Zugriff auf einen Datendump von Gab. Mitgliedern der Gruppe DDoSecrets ist es offenbar gelungen, Zugriff auf die Datenbank des sozialen Netzwerks Gab zu erhalten. Gab sieht sich selbst als Plattform für Meinungsfreiheit, es wird vielfach von Rechtsextremen genutzt und gilt als “Twitter für Rassisten”. Das Magazin Wired hatte zuerst über den Leak berichtet. Die verantwortliche Gruppe DDoSecrets hat nach eigenen Angaben eine SQL-Injection-Sicherheitslücke genutzt, um an die Daten zu gelangen. Auch Gab selbst bestätigt in einer Meldung, dass die Seite für eine SQL-Injection verwundbar war. In der Stellungnahme warf Gab dem Magazin Wired vor, direkt mit den Angreifern zusammenzuarbeiten. Das bestreiten wiederum sowohl Wired als auch DDoSecrets. Demnach hatte eine Gruppe, die sich “JaXpArO (they/them) & My Little Anonymous Revival Project” nennt, die Daten DDoSecrets zur Verfügung gestellt. Gruppenpasswörter im Klartext enthalten Die Daten enthalten private Nachrichten, Accountdaten und Passwort-Hashes. Die Passwörter von Gruppen auf Gab wurden offenbar ungehasht gespeichert und sind daher im Klartext enthalten. Öffentlich verfügbar sind die gehackten Daten nicht, sie werden laut DDoSecrets einzelnen Journalisten und Forschern zur Verfügung gestellt; Far-Right Platform Gab Has Been Hacked—Including Private Data. The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists. . The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists; WHEN TWITTER BANNED Donald Trump and a slew of other far-right users in January, many of them became digital refugees, migrating to sites like Parler and Gab to find a home that wouldn’t moderate their hate speech and disinformation. Days later, Parler was hacked, and then it was dropped by Amazon web hosting, knocking the site offline. Now Gab, which inherited some of Parler’s displaced users, has been badly hacked too. An enormous trove of its contents has been stolen—including what appears to be passwords and private communications. On Sunday night the WikiLeaks-style group Distributed Denial of Secrets is revealing what it calls GabLeaks, a collection of more than 70 gigabytes of Gab data representing more than 40 million posts. DDoSecrets says a hacktivist who self-identifies as “JaXpArO and My Little Anonymous Revival Project” siphoned that data out of Gab’s backend databases in an effort to expose the platform’s largely right-wing users. Those Gab patrons, whose numbers have swelled after Parler went offline, include large numbers of Qanon conspiracy theorists, white nationalists, and promoters of former president Donald Trump’s election-stealing conspiracies that resulted in the January 6 riot on Capitol Hill. DDoSecrets cofounder Emma Best says that the hacked data includes not only all of Gab’s public posts and profiles—with the exception of any photos or videos uploaded to the site—but also private group and private individual account posts and messages, as well as user passwords and group passwords. “It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” Best wrote in a text message interview with WIRED. “It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6.”
By Simple text logo used by Gab Ai Inc. – <a rel=”nofollow” class=”external free” href=”https://gab.ai/”>https://gab.ai/</a>, Public Domain, Link