A Bear's Face on Mars Blake Lively's New Role Recognizing a Stroke Data Privacy Day Easy Chocolate Cake Recipe Peacock Discount Dead Space Remake Mental Health Exercises
Want CNET to notify you of price drops and the latest stories?
No, thank you

Social network Gab hacked, hit with $500,000 ransom demand

A large trove of data was reportedly taken, including private posts and messages.

Gab social network hacked
Gab social network hacked
James Martin/CNET

Gab, an alternative social network popular with right-wing users, was hacked and a large trove of data -- including passwords and private messages -- was stolen. The company says it's received a ransom demand for nearly $500,000 in bitcoin for the data.

The hacked data, dubbed GabLeaks, was shared by transparency group DDoSecrets. It includes 70GB of public posts, private posts, user profiles, hashed passwords, direct messages and plaintext passwords for groups, according to DDoSecrets. The group said it's only offering the data set to journalists and researchers due to privacy concerns.

CEO Andrew Torba acknowledged the hack, which was reported on Sunday by Wired, in a message posted to the Gab account on Twitter that said the social network was under attack. "The entire company is all hands investigating what happened and working to trace and patch the problem," Torba wrote in the message, which includes a transphobic slur. Torba said the company is working with law enforcement on the issue.

Torba revealed the ransom demand on Monday in a message posted to the company's website.

"The individuals holding us to ransom are extortionists," Torba writes in the post. "We do not pay ransom. We do not negotiate with extortionists. Period."

He also cricitized DDoSecrets for its supposed intention to release the data to journalists for ethical reasons.

"These people are not 'ethical hackers,' Torba goes on to say. "There is nothing 'ethical' about targeting millions of internet users for partisan political agendas."

A hacker was able to siphon data from Gab's site via a "SQL injection vulnerability," DDoSecrets told Wired. 

CNET hasn't independently verified the content of the Gab data. The social network couldn't immediately be reached for comment. 

Gab took itself offline briefly last month when the social network was used in a bitcoin scam. Gab isn't alone in being struck by bitcoin wallet spam. Last July, a massive bitcoin scam hit Twitter as hackers took over high-profile accounts, including those of Elon MuskBill GatesKanye West and Barack Obama.  

Gab, which has previously come under fire for anti-Semitic content, hails itself as a platform for free speech, a self-characterization also used by Parler, a right-wing Twitter clone. Parler was taken offline for about a month after it lost services from Amazon Web Services because the social network was used to organize the Jan. 6 attack on Capitol Hill. Before Parler was taken offline, hackers were able to scrape data from the site to create an archive of posts, including deleted posts and location data for images and videos.

CNET's Steven Musil contributed to this report.

Read also: Parler returns online after monthlong absence: Here's what you need to know