GabLeaks: Claims by Gab Refuted by DDOSecrets.com
Not surprisingly, extremists appear to have made some false claims about a hack and data dump involving the far-right platform known as Gab. Rather than repeat their claims — claims that include blatantly bigoted language — DataBreaches.net provides the statement by public interest group DDOSecrets.com:
Distributed Denial of Secrets provided a pre-release copy of the data to a reporter with Wired. As is standard practice, the reporter reached out to Gab for comment. In response, Gab posted a blog entry stating that “reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users.”
These accusations are entirely false. Wired’s only interest was in reporting on the SQL injection and resulting breach of Gab, as well as Distributed Denial of Secret’s decision to provide journalists and researchers with copies of the data. To our knowledge, no one at Wired has had contact with the source – JaXpArO (they/them) & My Little Anonymous Revival Project – who entrusted us with both the data and their safety.
The following day, Gab CEO Andrew Torba made a post which indirectly referred to Distributed Denial of Secrets and called members of the group “mentally ill [t-slur] demon hackers,” accusing us of “attacking Gab right now” before claiming that both his and Trump’s Gab accounts were compromised, without specifying how or in what way.
The post also accused Distributed Denial of Secrets of targeting “law enforcement and their family members last summer.” Like other claims made by Torba, this is false. BlueLeaks did not “target” law enforcement, it simply exposed documents revealing the activities of law enforcement, including wrongdoing, which led to numerous news reports. Family of law enforcement were unaffected. Documents obtained through the Freedom of Information Act confirm that the names, phone numbers and addresses exposed were official work ones similar to what can be found on many law enforcement agency’s websites and public directories.
Distributed Denial of Secrets had no role in the compromise of Gab or any other service, and did not crack any password hashes, use any of the plaintext group passwords, or otherwise compromise anyone’s account. Early in the review process, we made the decision to limit the distribution of the dataset to both protect the privacy of innocent Gab users and the integrity of their accounts and private groups.