Social network Gab hacked, hit with $500,000 ransom demand

A large trove of data was reportedly taken, including private posts and messages.

Carrie Mihalcik Managing Editor / News

Gab, an alternative social network popular with right-wing users, was hacked and a large trove of data -- including passwords and private messages -- was stolen. The company says it's received a ransom demand for nearly $500,000 in bitcoin for the data.

The hacked data, dubbed GabLeaks, was shared by transparency group DDoSecrets. It includes 70GB of public posts, private posts, user profiles, hashed passwords, direct messages and plaintext passwords for groups, according to DDoSecrets. The group said it's only offering the data set to journalists and researchers due to privacy concerns.

CEO Andrew Torba acknowledged the hack, which was reported on Sunday by Wired, in a message posted to the Gab account on Twitter that said the social network was under attack. "The entire company is all hands investigating what happened and working to trace and patch the problem," Torba wrote in the message, which includes a transphobic slur. Torba said the company is working with law enforcement on the issue.

Torba revealed the ransom demand on Monday in a message posted to the company's website.

"The individuals holding us to ransom are extortionists," Torba writes in the post. "We do not pay ransom. We do not negotiate with extortionists. Period."

He also criticized DDoSecrets for its supposed intention to release the data to journalists for ethical reasons.

"These people are not 'ethical hackers,'" Torba goes on to say. "There is nothing 'ethical' about targeting millions of internet users for partisan political agendas."

A hacker was able to siphon data from Gab's site via a "SQL injection vulnerability," DDoSecrets told Wired. 

CNET hasn't independently verified the content of the Gab data. The social network couldn't immediately be reached for comment. 

Gab took itself offline briefly last month when the social network was used in a bitcoin scam. Gab isn't alone in being struck by bitcoin wallet spam. Last July, a massive bitcoin scam hit Twitter as hackers took over high-profile accounts, including those of Elon Musk, Bill Gates, Kanye West and Barack Obama.

Gab, which has previously come under fire for anti-Semitic content, hails itself as a platform for free speech, a self-characterization also used by Parler, a right-wing Twitter clone. Parler was taken offline for about a month after it lost services from Amazon Web Services because the social network was used to organize the Jan. 6 attack on Capitol Hill. Before Parler was taken offline, hackers were able to scrape data from the site to create an archive of posts, including deleted posts and location data for images and videos.

CNET's Steven Musil contributed to this report.
