News
Hacktivists target Gab.com
BlogBreachesResourcesNews
Hacktivists target Gab.com

Hacktivists target Gab.com

Edward Kost
Edward Kost
March 1, 2021

Gab, the social media alternative attracting far-right users has been hacked. The salvaged data, known as ‘GabLeaks” consists of over 40 million posts, amounting to over 70 gigabytes of data.

The data was breached by a hacktivist by the name of “JaXpArO.” The motivation behind the attack was to expose the alleged controversial content being permitted by the platform.

The breached data included:

  • User data 
  • Private posts 
  • Private group posts 
  • Private individual messages
  • User passwords

DDoSecrets, a non-profit devoted to the free transmission of data, announced that they had the breached data in a tweet by it’s journalist, Emma Best:


Gab responded to this claim in a public announcement denying that a breach occurred

“Today we received an inquiry from reporters about an alleged data breach. We have searched high and low for chatter on the breach on the Internet and can find nothing.” Gab said in its public statement.

Emma Best revealed that the breach occurred through an SQL injection vulnerability on the Gab website. Such vulnerabilities integrate text field data with backend code, allowing hackers to access and manipulate backend SQL databases.

Since the Capitol Hill riots in January 2021, hacktivists have been targeting right-winged social platforms. The Gab data breach, however, required a little more hacking acuity than the Parler cyber attack.

Parler lacked very basic security measures that could have prevented its mass data scraping incident. Its most embarrassing vulnerability is known as an ‘insecure direct objective reference”. 

The chronological order of every Parler post was reflected in its URL. By increasing the order number in the URL by 1, the next post could be loaded. Such rudimentary coding practices made Parler optimal for programmatic scraping.

Gab’s exfiltrated data has not been published yet. Until (and if) this happens, Gab will continue to deny that a data breach occurred.

“ We do not currently have independent confirmation that such a breach has actually taken place and are investigating. Much of this information (in particular Gab public posts and public user profiles) is already public.”

How secure is Gab.com?

Gab is an American alt-tech social networking service.
  • Check icon
    View our free preliminary report on Gab.com’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Gab.com's score
View score
http://gab.com
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

Supply Chain Ransomware Attack Impacts Semiconductor Manufacturer

One of the world's largest manufacturers of semiconductors has attributed a $250 million loss in its second-quarter sales report to a supply chain attack.
Edward Kost
Edward Kost
February 27, 2023
Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Optus Data Breach Exposes Up to 9.8 Million Customers' Details

Cybercriminals believed to be working for a criminal or state-sponsored operation breached Optus' internal network, compromising personal information impacting up to 9.8 million customers.
Edward Kost
Edward Kost
September 26, 2022
Medibank Data Breach Impacts 9.7 Million Customers

Medibank Data Breach Impacts 9.7 Million Customers

Medibank suffered a data breach that compromised 9.7 million current and former customers.
Edward Kost
Edward Kost
November 11, 2022
OpenWRT breached through admin account

OpenWRT breached through admin account

OpenWRT, an open source firmware solution for home routers, was breached exposing the email addresses of many of its forum users.
Edward Kost
Edward Kost
January 16, 2021
Australian Real Estate Website Hacked 

Australian Real Estate Website Hacked 

Domain, one of Australia’s leading property market platforms, has fallen victim to a cyber attack
Edward Kost
Edward Kost
May 24, 2021
NT Government forced offline by compromised third-party vendor

NT Government forced offline by compromised third-party vendor

The Northern Territory Government's third-party IT system supply has fallen victim to a ransomware attack.
Edward Kost
Edward Kost
January 11, 2021
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating
UpGuard logo
UpGuard is a complete third-party risk and attack surface management platform.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Contact sales
Free trial
Products
Tools
Company
Insights
Products
Compare
Solutions
Company
Insights
© UpGuard, Inc.
Research GuidelinesPlatform Terms & ConditionsWebsite Terms & ConditionsPrivacyCookies