Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

Gab has been hacked. The app—which seems to have taken over from Parler as conservatives’ favorite place to vent their freedom of speech—fell “victim” to a simple SQL injection attack.

And a 70 GB trove is now in the hands of researchers and journalists. Gab’s CEO isn’t happy: Andrew Torba’s response was an offensive slur that one could hardly describe as LGBTx-friendly.

Is this the end for Gab? In today’s SB Blogwatch, we take the red-eye.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Enter Handman.

The Gift that Keeps on Giving

What’s the craic? Andy Greenberg reports—“Far-Right Platform Gab Has Been Hacked”:

 When Amazon booted Parler … in January, many of the site’s users flocked to Gab. [Now it] is the second far-right social media site to be deeply hacked in as many months.

An enormous trove of its contents has been stolen—including what appears to be passwords and private communications. … The hacker says that they pulled out Gab’s data via a SQL injection vulnerability.

The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts, and more available to researchers, journalists, and social scientists. … Gab CEO Andrew Torba acknowledged the breach [saying] “Reporters, who write for a publication that has written many hit pieces on Gab in the past … are essentially assisting the hacker in his efforts,” [and later] used a transphobic slur to insult [DDoSecrets].

Classy! Dan Goodin adds—“Trump’s is one of 15,000 Gab accounts that just got hacked”:

 Torba used a transphobic slur to refer to Emma Best, the co-founder of Distributed Denial of Secrets. … The data, Best said, was provided by an unidentified hacker. [They] said that DDoSecrets is making GabLeaks available only to journalists and researchers with a documented history of covering leaks.

GabLeaks, as DDoSecrets is calling the leak, comes almost eight weeks after pro-Trump insurrectionists stormed the US Capitol. … Gab has long been criticized as a haven for hate speech. In 2018, Google banned the Gab app. … A year later, web host GoDaddy terminated service to Gab.

They sound like lovely people. Emma Best—@NatSecGeek—hates to burst your bubble:

 Gab’s CEO just called me a “mentally ill tranny demon hacker” So … yeah.

This is … harassment, and worse it’s a threat and a call to arms. Posting pictures … and calling us demons, in the age of QAnon and January 6th, puts our lives in danger.

So like, can we sue Torba for harassment and defamation? Asking for a non-profit publisher allegedly staffed by demons. … I may be a mentally ill trans demon but you better put “former” in front of that “hacker” if you know what’s good for you.

Anyway, I have bad news for Torba because newsrooms around the world are already diving through the data and these posts do nothing but whip up attention. … Journalists and researchers can now access the data on our private .onion. Those who don’t already have the address are encouraged to send us requests for access.

But nobody believes the always-truthful Cassandra Fairbanks—“Gab has been hacked by a group of far-left activists”:

 Though Best is an anti-WikiLeaks nut job, the website for their hacked material is a complete ripoff of Julian Assange’s creation. The unoriginal criminals are even calling it “GabLeaks.”

While this case seems like a natural fit for charges under the Computer Fraud and Abuse Act, a law that is generally abused by the government, Best and her cronies don’t seem very worried.

So is that it for Gab? DeplorableCodeMonkey concludes, “Gab’s not done”:

 I’m on Gab. Not a single user has freaked out about this that I have seen. Far more users laughing it off and saying “bound to happen, change your passwords.”

Gab absorbed a lot of Parler users, but Gab was already big before Parler went down. The Gab old guard are actually closer to the left than mainstream conservatives in understanding how the interwebz work. The normies who flooded from Parler are also now eyes wide open.

Gab’s not going down over this.

Politics, schmolitics. A plague on both your houses, wishes kstenerud:

 I spent a number of years living in America … and made friends with people across the political spectrum. … What has always stood out to me is how much hatred and animosity the American right and left have for each other.

What always surprises me is the rabidity of the comments. … Although you belong to different tribes, your words are remarkably similar: It seems that you really do see the other party as made up of terrible people, misguided at best, inhuman monsters at worst, unfeeling and callous, perhaps even extermination-worthy in some extreme cases. This is not how politics work in the rest of the world.

Because of which, MightyMartian thinks we should have more leaks like this:

 You can’t have an echo chamber if someone keeps kicking open the door.

Butbutbut … CENSORSHIP! So dave_sullivan has an imaginary rhetorical conversation:

 Conservative: I have been censored for my conservative views.
Me: Holy ****! You were censored for wanting lower taxes?
Con: LOL … no not those views.
Me: So … deregulation?
Con: Ha ha, no, not those views either.
Me: Which views, exactly?
Con: Oh, you know the ones.

I know the ones. Many of them unprintable. But a SQL injection flaw? Amateur hour, thinks MrReynolds2U:

 Who the **** is still writing code that allows an SQL injection attack in 2021? It’s such a basic thing to guard against that there must be a multitude of other serious errors in their code.

Meanwhile, packrat0x makes the obligatory xkcd gag:

 Your site was still hacked by Bobby Tables.

And Finally:

Enter Handman

(While I’m kinda tired of Ms. Trouw’s “look at my knickers” schtick, this is good laff. Plus, it’s Accessible.)



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Geoffrey Baumbach (via Unsplash)

Security Boulevard

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
