Gab’s CEO on Feb. 28 said his account was among those compromised in a hack of the social media website.
“The same people behind this attack targeted law enforcement officers and their family members last summer. The feds are treating them as a criminal hacker organization. We are working with our partners in law enforcement on this issue,” Andrew Torba, founder and CEO of Gab, wrote.
He said his account and one linked to former President Donald Trump, which isn’t directly used by Trump, were compromised just before Trump took the stage at the Conservative Political Action Conference in Florida.
“The entire company is all hands investigating what happened and working to trace and patch the problem,” Torba said, promising to keep users posted.
Gab is a competitor to larger companies such as Twitter and Facebook, along with upstarts such as Parler. Gab shifted to its own servers several years ago after being removed by GoDaddy.
The group Distributed Denial of Secrets (DDoSecrets) told Wired magazine that the hack was perpetrated by a hacker who describes him or herself as “JaXpArO and My Little Anonymous Revival Project.” The hacker collected more than 70 gigabytes of data.
“It contains pretty much everything on Gab, including user data and private posts, everything someone needs to run a nearly complete analysis on Gab users and content,” said Emma Best, co-founder of DDoSecrets, adding that DDoSecrets would release data to a select group of reporters, scientists, and researchers.
“Journalists and researchers can now access the data on our private .onion,” Best wrote on Twitter, where she identifies as a journalist and activist.
DDoSecrets has previously released hacked law enforcement data, information from companies in Burma, and data from dark websites. The group’s account is currently suspended on Twitter, which has policies against publishing hacked materials. Its website was offline on March 1.
Torba in a previous blog post said that, after inquiries from reporters, workers had “searched high and low for chatter on the breach on the Internet and can find nothing.”
“We can only presume the reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users,” he wrote.
Torba said Gab collects “very little” personal information.
“In our subscriber records we do not collect health or financial information; we do not collect dates of birth; we do not collect social security numbers; we do not collect telephone numbers; we do not track user searches, queries or browsing history; we do not check who owns an e-mail address before setting up an account (and, in this instance, we have no indication that e-mail addresses were compromised.),” he said.
“Every major tech company—from Facebook to Twitter—has been the target of multiple and continued data breaches. We collect very little personal data so that, in the event of a data breach, the effect on our users will be minimized. As we learn more about this alleged breach, we will notify the community publicly with our findings as required by law.”