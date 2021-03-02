



The founder of the far-right social media platform Gab said that former President Donald Trump’s private account was among data stolen and made public by hackers who recently breached the site.

In a statement Sunday, founder Andrew Torba used a transphobic insult to refer to Emma Best, the co-founder of Distributed Denial of Secrets. The statement confirmed claims the WikiLeaks-style group said on Monday that it had obtained 70 GB of passwords, private messages and more from Gab and was making them available to some researchers and reporters. The data, Best said, was provided by an unidentified hacker who raped Gab by exploiting an SQL injection vulnerability in his code.

“My account and Trump’s account have been compromised, of course as Trump is about to take the stage and speak,” Torba wrote on Sunday as Trump was about to speak at the CPAC conference in Florida . “The whole company is up to the task to investigate what has happened and to work to trace and correct the problem.”

A large dataset

GabLeaks, as DDoSecrets calls the leak, comes nearly eight weeks after pro-Trump insurgents stormed the U.S. Capitol. Rioters took hundreds of thousands of videos and photos of the siege and uploaded them. Mainstream social media sites have removed much of the content because it violated their terms of service.

“Gab data is a large but complicated dataset,” DDoSecrets staff wrote in a post Monday morning. “As well as being a body of public discourse on Gab, it also includes all private messages and many private messages. In a simpler or more ordinary time, it would be an important sociological resource. In 2021, it’s also a toll of culture and accurate statements surrounding not only an increase in extremist opinions and actions, but an attempted coup. “

Publicity

Gab and a competing site called Parler were among the last havens that kept much of the content open to the public. Amazon and web hosting providers subsequently reported a lack of content moderation when the service was suspended at Parler.

Shortly before the shutdown, however, someone found a way to use Parler’s publicly available programming interfaces to extract roughly 99% of the site’s user content and subsequently make it publicly available.

While law enforcement groups likely had other means of obtaining Parler’s data, their public availability allowed a much larger group of people to do their own research and investigation. The leak was particularly valuable because the materials contained metadata that is typically removed before users can upload videos and images. The metadata gave people the ability to track the precise deadlines and locations of filmed participants.

DDoSecrets stated that the 70 GB GabLeaks contain more than 70,000 unencrypted messages in more than 19,000 chats by more than 15,000 users. The dump also shows “hashed” passwords, a cryptographic process that converts plain text to unintelligible characters. Although hashes cannot be converted back to plain text, cracking them can be trivial when websites choose weak hash schemes. (Best told Ars they didn’t know which hash scheme was being used.) The leak also includes clear-text passwords for user groups.

Haven of hate speech

Gab has long been criticized as a haven for hate speech. In 2018, Google banned the Gab app from its Play Store for breaching the terms of use. A year later, web host GoDaddy terminated service to Gab after one of its users took to the site to criticize the Hebrew Immigrant Aid Society shortly before killing 11 people in a Pittsburgh synagogue. .

Gab was also the subject of an investigation by the Pennsylvania attorney general. In January, the Anti-Defamation League called on the US Department of Justice to investigate Gab for his role in the insurgency attack on the capital.

Attempts to reach Torba for comment were unsuccessful.

Best said that DDoSecrets makes GabLeaks accessible only to reporters and researchers with a documented history of leak coverage. People can use this link to request access.

