In late February, somebody hacked Gab, an online safe space for white supremacists and other extremists. The hacker, who self-identifies as “JaXpArO and My Little Anonymous Revival Project,” exfiltrated roughly 65 gigabytes of data, including 4 million Gab accounts, 31,000 groups, and 39 million posts (over 100,000 of which were posted to private groups).
The hacker then leaked this data, which spans the site’s launch in August 2016 until February 19, to the transparency collective Distributed Denial of Secrets. In a Gab post, the hate site’s CEO Andrew Torba falsely accused DDoSecrets of hacking Gab, using an anti-trans slur while he was at it.
Due to privacy concerns, DDoSecrets is only offering GabLeaks to journalists and researchers who request access rather than publishing the full leak on the internet. (For the record, I’m a member of the DDoSecrets advisory board.)
For everyone else, here’s a broad overview of the GabLeaks data. Some of it is fairly technical, so bear with me. I’ll try to explain what I mean when I use unfamiliar terms.
Database Dumps and Chat Logs
JaXpArO provided DDoSecrets with data exported from a PostgreSQL database containing accounts, groups, and posts as well as a text file containing thousands of chat messages.
Out of the over 4 million accounts, 38,175 include email addresses (though not all of them appear to be valid email addresses) and 7,110 include password hashes, which are basically scrambled representations of passwords, from which in some cases the original password can be recovered (more on this below).
For example, here is the data associated with QAnon-believing, school-shooting-survivor-harassing Rep. Marjorie Taylor Greene’s Gab account:
Her account was created with the email address firstname.lastname@example.org on January 11, and at the time Gab was hacked in late February, she had 217,544 followers, a verified account, and had 72 posts. It also includes her password hash but not the password itself.
The chat logs are all contained in a single 9.5-megabyte text file. In addition to chat logs showing Torba courting prominent anti-Semites for his site, the text file includes more than 70,000 messages from over 15,000 users. For example, here’s a snippet of the chatter going on during the January 6 insurrection at the U.S. Capitol:
@666666: Just so you know, I’m going to terrorize and burn some Democrats places. Come bail me out
@666666: If you ever want info on someone, let me know. I [can] hunt anyone down. I’m using my skip tracing skills to “give back” to the democratic community. It’s only fair
Gab by the Numbers
By January 6, the day that Donald Trump supporters tried to violently prevent Congress from certifying Joe Biden’s electoral victory, Gab had 1.6 million accounts. After the insurrection, Amazon’s cloud hosting business kicked the extremist social network Parler off its platform, a decision that prompted a flood of exiled Parler users to flee to Gab. Between January 6 and February 19, an additional 2.4 million Gab accounts were created.
The vast majority of these over 4 million accounts aren’t actually active. Only 1.5 million of them have posted any content to the site at all, and only 400,000 of those have posted more than 10 times. Just over 100,000 accounts have posted more than 10 times since December 1, 2020, making that number much closer to Gab’s actual active user base.
The post-insurrection spike in Gab accounts also holds true for Gab groups. However, there’s also a spike in private groups that were created before the insurrection. The night of December 22, someone created 46 private groups for chapters of the Oath Keepers, a far-right anti-government militia that helped storm the Capitol weeks later, but the groups were either never used or their members deleted all of the posts in them and left the groups before Gab was hacked in late February.
Most Popular Content on Gab
Here are the 20 most popular public groups on Gab:
- /g/The_Donald (299,156 members)
- Trump 2020 (225,711 members)
- News (210,733 members)
- QAnon and the Great Awakening (210,201 members)
- WeLoveTrump (185,007 members)
- Conservative News (178,843 members)
- Stop The Steal (165,184 members)
- QAnon (156,739 members)
- QAnon Patriots (147,193 members)
- Guns of Gab (146,938 members)
- Joe Biden Is Not My President (141,452 members)
- Christianity (135,789 members)
- Memes, memes, and more memes. (125,753 members)
- Introduce Yourself (124,341 members)
- Libertarians of Gab (110,378 members)
- #QAnons Supporters (109,876 members)
- Q Research (109,629 members)
- Politics (100,584 members)
- Survival (95,070 members)
- HISTORY BUFFS (83,781 members)
And here are the 20 most popular private groups on Gab (though some of them, like Internet Censorship, appear to be public now):
- Internet Censorship (76,820 members)
- Conservative Teachers of America (18,711 members)
- Hunting and Fishing (17,886 members)
- Thank heaven Biden is President… said no one ever. (6,727 members)
- American Patriot Reality Check (2,583 members)
- Parler people (2,370 members)
- County by County (1,580 members)
- The Patriot Party (1,250 members)
- US / UK Patriots (1,112 members)
- The Right Side (914 members)
- Patriot Business Network (681 members)
- Women For Trump (659 members)
- Catholic Prayer Group (631 members)
- Conservatives and Trump Supporters – Middle Tennessee (541 members)
- MAGA PARTY IS ALIVE AND WELL (500 members)
- Flu You Baker Class Action (445 members)
- Shane’s Ice Fishing Unfiltered (414 members)
- Taiwanese American Patriots Supporting President Trump (371 members)
- Sewing Enthusiasts of Gab (366 members)
- ConservativeHomepage.com Forum (338 members)
Here are the Gab users with the most followers:
- Andrew Torba, @a, the CEO of Gab (2,187,241 followers). New users automatically follow him.
- Gab Help, @help, (1,649,252 followers). New users automatically follow this account too.
- @gab (1,604,953 followers). New users automatically follow this one too.
- Donald J. Trump, @realdonaldtrump (1,300,952 followers). New users automatically follow this account, and it’s not actually used by Trump.
- @NeonRevolt (658,673 followers). This is a major QAnon conspiracy account.
- Paul Joseph Watson, @PrisonPlanet (525,685 followers). This is a prominent conspiracy theorist and editor of the site InfoWars.
- The Epoch Times, @TheEpochTimes (506,975 followers). This is a far-right news organization run by a Chinese cult that spent more money on pro-Trump Facebook ads in 2020 than any entity other than the Trump campaign itself.
- Ron Watkins, @codemonkey (433,084 followers). This is the former admin of the image board 8chan, frequented by white supremacists and multiple mass shooters and the birthplace of the QAnon conspiracy movement.
- Donald Trump Jr. Feed, @DonaldJTrumpJrFeed (432,583 followers). This is a bot that reposts tweets from Donald Trump Jr.’s Twitter account.
- National File, @NationalFile (404,809 followers). This is a far-right news organization.
The Gab post with the most engagement on the whole platform is this post from @realdonaldtrump (which, again, isn’t actually run by the real Donald Trump).
The Gab post that ranks ninth in engagement is from the major QAnon account @StormIsUponUs.
Needless to say, his predictions did not come to pass.
Cracking Gab Passwords
Like most websites, instead of storing passwords itself, Gab scrambles the passwords using a “hash function” and stores the scrambled versions instead, called a “password hash.” For example, if someone used the password “Trump2020,” GabLeaks would only contain the scrambled version of that. The only way to confirm if that’s their password is to try running it through the same hash function Gab uses and see if any accounts are using that hash.
It turns out that at least three Gab users are using the password “Trump2020,” at least one is using “Trump2024,” and at least one is using “trump2024” (with a lowercase “t”). A few Gab users are using typical insecure passwords like “123456,” “asdf1234,” “letmein,” and “password1.” And at least one user is using an anti-Black racial slur as their password.
Armed with the 7,710 password hashes from GabLeaks, a list of nearly 9,000 password guesses that I created, and my gaming PC, which has a graphics processing unit, or GPU — hardware that can quickly do the math required for 3D graphics as well as things like cracking passwords — I used a tool called hashcat to see which passwords were weak. It took about three days to crunch the numbers, and at the end I successfully cracked 88 passwords, 49 of which were unique.
Among the Gab accounts I found using incredibly weak passwords was an account with the username “OneManAuschwitz” that shares Nazi propaganda used a weak password, as did an account belonging to a “Proud White Man” that shares racist and anti-Semitic memes. Several accounts devoted to QAnon had weak passwords, and so did several accounts that share run-of-the-mill conspiracy theories about the Covid-19 vaccine and the 2020 election.
Thirty-one of the cracked passwords used the same extremely weak password, and nearly all of them used email addresses from the disposable email service sharklasers.com. These are all Gab “fan” accounts that repost tweets from popular extremist Twitter accounts. For example, the Candace Owens fan account has 10,200 followers on Gab, the Dinesh D’Souza fan account has 7,800 followers, and the Breitbart News fan account has 7,100 followers. None of these accounts have posted since November 2018 and are now abandoned.
Correction: March 16, 2021
A previous version of this article stated that one of the Gab accounts with weak passwords belonged to Spencer Brown, the spokesperson for the Young America’s Foundation, a conservative youth organization with alumni that include former Trump senior policy adviser Stephen Miller and former Attorney General Jeff Sessions. Brown did not respond to a request for comment prior to publication but an attorney for the Young America’s Foundation contacted The Intercept after publication and stated that the Gab account was not associated with Brown.