Dear Gab user:
What Happened?
We are writing to inform you that, on February 28th, 2021, Gab AI, Inc. (“Gab”) became aware that it was potentially the victim of security incident in which a bad actor gained unauthorized access to the systems and networks used to operate the Gab platform. We have reported the incident to law enforcement.
What Information Was Involved?
The personal information that could have been affected includes your Gab handle (i.e., the URL at which your account profile is available (e.g., www.gab.com/xyz)); your Gab display name; your email address; a hashed version of the password that you use to access your Gab account; and your Gab user identification number. If you chose to verify your account by going through our verification process and submitting a picture of your driver’s license, passport, or other identification document as part of that process, the information on that document (including your date of birth) may also have been affected.
What We are Doing
Please know that protecting your personal information is something that we take very seriously. As soon as we became aware of this incident, we engaged external legal counsel and a leading independent forensics firm to assist us with the investigation into and response to the incident.
We have taken steps to prevent an attack in the future, as well as made additional improvements that strengthen our cybersecurity protections, including changing administrator passwords on affected systems, employing multi-factor authentication on administrator accounts, implementing steps to migrate our platform to a new back-end infrastructure, and deploying an endpoint monitoring solution. In addition, we are working with law enforcement to investigate the incident.
What You Can Do
There are important steps that you can take to reduce the potential risk of fraud, identity theft, and misuse of your online account. Please change your password at our site and at all other sites where you use the same password. We further recommend avoiding using easy-to-guess passwords or using the password that you use for any other accounts. You should be on guard for schemes, known as phishing attacks, where malicious actors may pretend to represent Gab or reference this incident.
The Federal Trade Commission (FTC) recommends that you remain vigilant by checking your credit reports periodically. Checking your credit reports periodically can help you spot problems and address them quickly. You can also order free copies of your annual reports through www.annualcreditreport.com. You should monitor your financial accounts for any suspicious activity. For more information about steps you can take to reduce the likelihood of identity theft or fraud, call 1-877-ID-THEFT (877-438-4338), visit the FTC’s website at http://www.ftc.gov/bcp/edu/microsites/idtheft/, or write to: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. However, if you believe you are the victim of identity theft, you should immediately contact your local law enforcement agency, your state’s attorney general, or the FTC.
Contact Information for Consumer Reporting Agencies and Information on Credit Report Fraud Alerts
You may also place a fraud alert on your credit file free of charge. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. You can call any one of the three major credit bureaus at the contact information below or place fraud alerts online at the websites below. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts.
| Experian | Equifax | TransUnion | |
| Phone | 1-888-397-3742 | 1-800-525-6285 or 1-888-766-0008 | 1-800-680-7289 |
| Address | Experian Fraud Division P.O. Box 9554 Allen, TX 75013 | Equifax Consumer Fraud Division PO Box 740256 Atlanta, GA 30374 | TransUnion LLC P.O. Box 2000 Chester, PA 19016 |
| Online Credit Report Fraud Alert Form | https://www.experian.com/fraud/center.html | https://www.equifax.com/personal/credit-report-services/ | https://fraud.transunion.com/fa/fraudAlert/landingPage.jsp |
Information on Security Freezes
In addition to a fraud alert, you may place a security freeze on your credit file. A security freeze will block a credit bureau from releasing information from your credit report without your prior written authorization. Please be aware that it may delay, interfere with, or prevent the timely approval of any requests you make for new loans, mortgages, employment, housing or other services. The fees for placing a security freeze vary by state, and a consumer reporting agency may charge a fee of up to $10.00 to place a freeze or lift or remove a freeze. Massachusetts law allows consumers to place a security freeze on their credit reports free of charge.
To place a security freeze on your credit report, you must send a written request to each of the major consumer reporting agencies by regular, certified, or overnight mail. You can also place security freezes online by visiting each consumer reporting agency online.
| Experian | Equifax | TransUnion | |
| Address | Experian Security Freeze P.O. Box 9554 Allen, TX 75013 | Equifax Security Freeze P.O. Box 105788 Atlanta, Georgia 30348 | TransUnion LLC P.O. Box 2000 Chester, PA 19016 |
| Online Security Freeze Form | https://www.experian.com/freeze/center.html | https://www.equifax.com/personal/credit-report-services | https://www.transunion.com/credit-freeze |
To request a security freeze, you will need to provide the following information:
- Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security Number;
- Date of birth;
- If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address such as a current utility bill or telephone bill;
- A legible photocopy of a government issued identification card (state driver’s license or ID card, military identification, etc.);
- If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.
The credit reporting agencies have three (3) business days after receiving your request to place a security freeze on your credit report. The credit bureaus must also send written confirmation to you within five (5) business days and provide you with a unique personal identification number (PIN) or password, or both, that can be used by you to authorize the removal or lifting of the security freeze.
To lift the security freeze in order to allow a specific entity or individual access to your credit report, you must call or send a written request to the credit reporting agencies by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze, as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. The credit reporting agencies have three (3) business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time.
To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and Social Security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
For More Information
You may obtain further information from the FTC and the credit reporting agencies about fraud alerts and security freezes.
Please read our prior blog posts on this incident:
Blog Post Update #1
Blog Post Update #2
We sincerely regret that this incident occurred and thank you for your continued trust and support in our team. If you have any questions, please feel free to contact us at [email protected].
Sincerely,
Andrew Torba
CEO, Gab.com
Jesus is King
March 26th, 2021
