Gab, an alternative social network popular with right-wing users, was hacked and a large trove of data — including passwords and private messages — was stolen.
CEO Andrew Torba acknowledged the hack, which was reported on Sunday by Wired, in a message posted to the Gab account on Twitter that said the social network was under attack. “The entire company is all hands investigating what happened and working to trace and patch the problem,” Torba wrote in the message, which includes a transphobic slur. Torba said the company is working with law enforcement on the issue.
The hacked data, dubbed GabLeaks, was shared by transparency group DDoSecrets. It includes 70GB of public posts, private posts, user profiles, hashed passwords, direct messages and plaintext passwords for groups, according to DDoSecrets. The group said it’s only offering the data set to journalists and researchers due to privacy concerns.
A hacker was able to siphon data from Gab’s site via a “SQL injection vulnerability,” DDoSecrets told Wired.
CNET hasn’t independently verified the content of the Gab data. The social network couldn’t immediately be reached for comment.
Gab took itself offline briefly last month when the social network was used in a bitcoin scam. Gab isn’t alone in being struck by bitcoin wallet spam. Last July, a massive bitcoin scam hit Twitter as hackers took over high-profile accounts, including those of Elon Musk, Bill Gates, Kanye West and Barack Obama.
Gab, which has previously come under fire for anti-Semitic content, hails itself as a platform for free speech, a self-characterization also used by Parler, a right-wing Twitter clone. Parler was taken offline for about a month after it lost services from Amazon Web Services because the social network was used to organize the Jan. 6 attack on Capitol Hill. Before Parler was taken offline, hackers were able to scrape data from the site to create an , including deleted posts and location data for images and videos.