Gab: Right-wing social network hacked with posts, passwords, and private messages revealed

Over 40 million posts were leaked from the site

Adam Smith
Monday 01 March 2021 14:45 GMT
(Adam Smith / The Independent)

Support truly
independent journalism

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Louise Thomas


Gab, the social media platform popular with right-wing online commentators, has been hacked, with passwords and private communication leaking.

The “GabLeaks” hack contains more than 70GB of data taken from the social media site, including over 40 million posts.

The organisation that is revealing the information, Distributed Denial of Secrets, told Wired that a hacktivist called “JaXpArO and My Little Anonymous Revival Project” took the data out of the site’s backend database.

The hack apparently contains all of Gab’s public posts and profiles, private group messages, user passwords, and group passwords. It does not contain any photos or videos uploaded to the site.

Some of the prominent members whose passwords appear to be available include Donald Trump, QAnon-conspiracy theorist and congresswoman Marjorie Taylor Greene, and broadcaster Alex Jones.

The data will not be released due to its sensitivity, but will be provided to journalists and researchers. Wired has apparently viewed the data, and it appears to be valid. The Independent has contacted DDoSecrets for a copy.

“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” DDoSecrets cofounder Emma Best told Wired.

“It’s another gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon and everything surrounding January 6.”

The hack apparently took place using an SQL injection vulnerability, which is when a website does not differentiate between user input and the site’s code.

In a statement published Andrew Torba, Gab’s CEO, said that it was “aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit.”

A few days later, Torba claimed that both his account and Donald Trump’s accounts were compromised. DDoSecrets claims that no passwords had been cracked, nor had they been tested. The Independent has reached out to Gab for further comment.

Gab is not the only platform popular with right-wing users that has recently had personal information divulged. Parler, an app popular with insurrectionists who stormed Capitol Hill, inadvertently uploaded their GPS coordinates to the app which was scraped and archived by researchers.

Over 500 videos taken rioters stormed the Capitol building were arranged in chronological order and can be scrolled through by users.

DDoSecrets has also revealed vital data before - but which saw its account get banned from Twitter. The group published documents from 200 law enforcement agencies, which revealed that the FBI monitored the social media accounts of protestors and sent such information to law enforcement.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in