Alleged Data Breach – 26 February 2021 Andrew Torba, February 26, 2021February 26, 2021 Share this: Today we received an inquiry from reporters about an alleged data breach. We have searched high and low for chatter on the breach on the Internet and can find nothing. We can only presume the reporters, who write for a publication that has written many hit pieces on Gab in the past, are in direct contact with the hacker and are essentially assisting the hacker in his efforts to smear our business and hurt you, our users. The reporter, without providing us with any evidence of the breach or assistance to identify its veracity, alleged that an archive of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups have been leaked via a SQL injection attack. We were aware of a vulnerability in this area and patched it last week. We are also proceeding to undertake a full security audit. We do not currently have independent confirmation that such a breach has actually taken place and are investigating. Much of this information (in particular Gab public posts and public user profiles) is already public. It is standard practice for passwords to be hashed. If the alleged breach has taken place as described, your passwords have not been revealed. For groups, where passwords are meant to be shared for users to join with, we do not encrypt this information as is noted in our group creation interface. DMs were only live for a few weeks and are not currently a feature supported by the site, so if a breach has in fact occurred in that domain we expect the number of affected accounts to be low. Gab collects very little from our users in terms of personal information. It is entirely possible for a user of the site to be unidentifiable based on the information they provide at login. In our subscriber records we do not collect health or financial information; we do not collect dates of birth; we do not collect social security numbers; we do not collect telephone numbers; we do not track user searches, queries or browsing history; we do not check who owns an e-mail address before setting up an account (and, in this instance, we have no indication that e-mail addresses were compromised.) Every major tech company – from Facebook to Twitter – has been the target of multiple and continued data breaches. We collect very little personal data so that, in the event of a data breach, the effect on our users will be minimized. As we learn more about this alleged breach, we will notify the community publicly with our findings as required by law. Andrew TorbaCEO, Gab.comJesus is King Uncategorized
Uncategorized Social Media “Influencer” Culture Is Crap November 27, 2020November 27, 2020 Share this:I have already written extensively about social media “influencers” and why these people don’t support or join Gab despite years of incessant whining about Big Tech censorship–on Big Tech platforms. Read More
Uncategorized Gab Under Attack: The DDOS on January 23rd January 24, 2023January 24, 2023 Share this:On Monday, January 23rd around 3:30pm, we received a few odd emails, claiming to have found a vulnerability in our site. The email basically said go ahead and check, your site is down, pay us a small amount in Bitcoin and we’ll give you the solution. We work with bug… Read More
Uncategorized The People’s Media Revolution November 12, 2020December 13, 2020 Share this:Yesterday the New York Times reached out to me for a comment on Gab’s recent growth. I’ve never had any luck with getting the New York Times to describe Gab accurately or fairly over the years, so I opted to use my new standard reply for all dishonest and corrupt… Read More