‘DDoSecrets’ Is Soon to Publish 70GB of Far-Right Detestation Coming Straight From ‘Gab’

Last updated September 28, 2021
Written by: Bill Toulas, Infosec Writer

Hacktivists "JaXpArO" and "My Little Anonymous Revival Project" have broken into the systems of Gab after they exploited an SQL injection flaw, stealing 70 GB comprising 40 million public and private posts, 15,000 user profiles, hashed passwords, 70,000 direct messages, and the plaintext passwords of group admins of the far-right social media network.

Gab acknowledged the hack and claimed that its backend databases were accessed by the DDoSecrets collective, who allegedly demanded a ransom of nearly $500,000 in Bitcoin. Gab’s CEO, Andrew Torba, stated that they will not negotiate with the infiltrators and will instead notify federal law enforcement. In reality, DDoSecrets was entrusted with the data and also shared the set with Wired to have an independent reporter confirm its validity.

The collective's main goal wasn’t to extort Gab for money but to expose information relevant to the January 6, 2021, Capitol storming event, neo-Nazi propaganda, the dissemination of baseless and dangerous QAnon theories, and any calls for far-right, racist militia action. It is an interesting move from this particular group, as DDoSecrets hasn’t demonstrated a political leaning in the past - although one of their previous leaks, “BlueLeaks,” exposed U.S. law enforcement agencies.

This data exfiltration and subsequent leak come soon after "Parler," another right-wing social media platform, had to deal with similar trouble. Many of Parler’s users migrated to Gab, so some of these people have now been exposed twice.

The goal of the “leaktivists” is to help the authorities link Gab profiles to real identities, identify everyone who was involved in the January events, and arrest and prosecute them. However, the group has clarified that the distribution of “GabLeaks” will be limited and careful to help protect the privacy of innocent Gab users.

Andrew Barratt, Managing Principal, Solutions and Investigations at Coalfire, told us:

“It’s an interesting case of ‘hacktivism’ that could put the DDoS Secrets team in an interesting position politically in the future. I think the level of data alleged to be stolen is down to accurate, and it’s likely that a prolonged compromise took place. If it was a simple SQL injection attack that was used to haul data from them, they really need to take a prolonged look at their security posture as well as perhaps consider themselves a more likely target for other attacks in the future.”

Gab has decided to respond to the situation by calling the hackers “devils,” citing verses from the Bible and completely ignoring all technical aspects of the attack and their own failure to detect and stop it. Judging from that, it may take Gab quite some time to actually strengthen its security.


