Skip to main content

Gab blames reported hack of 40 million posts on ‘demon hackers’

Gab blames reported hack of 40 million posts on ‘demon hackers’


A hacker was able to siphon some 70GB of data, including private posts

Share this story


Right-wing social media website Gab has reportedly been hacked, and CEO Andrew Torba said on Twitter that “demon hackers” were to blame, using a transphobic slur to describe them.

Wired first reported that a hacker, who goes by “JaXpArO and My Little Anonymous Revival Project,” carried out the hack to expose Gab’s users. Private messages from some 15,000 Gab users were used to create a dataset of more than 40 million posts from the site, including private posts. User profiles, some users’ hashed passwords, and passwords for groups also were affected by the hack, which reportedly used a SQL injection vulnerability to siphon some 70GB of data.

Activist data transparency group Distributed Denial of Secrets (DDoSecrets), plans to share the data with researchers and journalists but says it is not releasing it publicly due to privacy concerns.

“In a simpler or more ordinary time, it’d be an important sociological resource,” according to a blog post on the DDoSecrets wiki site. “In 2021, it’s also a record of the culture and the exact statements surrounding not only an increase in extremist views and actions, but an attempted coup.”

DDoSecrets co-founder Emma Best told Wired the data was a “gold mine of research for people looking at militias, neo-Nazis, the far right, QAnon, and everything surrounding January 6,” when the US Capitol was attacked.

Since the attack on the Capitol, Gab has seen an 800 percent spike in traffic

When Wired first contacted Gab about the data breach, Torba wrote in a blog post that Gab had not confirmed what it called the “alleged breach,” telling users that if the attack had “taken place as described, your passwords have not been revealed.”

Torba later tweeted that the company was, in fact, being attacked by hackers and was investigating. He said his own account and one for former President Trump were among those compromised. But Vice reported last month that the Trump account wasn’t actually affiliated with the former president.

Since the attack on the Capitol, Gab has seen an 800 percent spike in traffic, and its registered user numbers have doubled, NPR reported. The Anti-Defamation League has called for an investigation into Gab to determine “whether the social media platform intentionally aided or abetted” people who were involved in the riot.

Torba founded Gab in 2016, styled as a free speech alternative to other social media sites. It gained notoriety in 2018 when a man posted an anti-Semitic message on the site before driving to Pittsburgh and killing 11 people in a synagogue. Gab removed the account and cooperated with investigators but was dropped by its hosting platform and PayPal. Its app was kicked out of both Google and Apple’s app stores for violating hate speech policies.

Gab did not immediately reply to a request for comment Monday.