Far-right social media platform Gab, a haven for pro-Trump conspiracy theories, has been hacked AGAIN

[ThisThingIsUseful]

Failure to purge authentication tokens taken in first breach leads to second one.

The compromise came to light after someone hijacked the account of Gab founder and CEO Andrew Torba and left a post criticizing him for not paying an 8 bitcoin ransom for the safe return of documents used to verify the identity of some users. The unknown hacker also accused Torba of failing to disclose the full extent of the earlier breach.

Click to shrink...

"The attacker who stole data from Gab harvested OAuth2 bearer tokens during their initial attack," Torba wrote. "Though their ability to harvest new tokens was patched, we did not clear all tokens related to the original attack. By reusing these old tokens, the attacker was able to post 177 statuses in an 8-minute period today."

Gab's failure to purge bearer tokens may have stemmed from unfamiliarity with the open source Mastodon code the site runs or an unwillingness to require users to go through the hassle of resetting OAuth2 bearer tokens. The theft of the tokens came as a surprise to many because they weren't included in a trove of hacked Gab data posted by the Wikileaks-style site Distributed Denial of Secrets following the breach.

Click to shrink...

Hack me (don't) if old.

 

[oldboss]

Oh no.

Reading that side bar content has almost given me an ulcer.

 

[CreepingFear]

 

[TarpitCarnivore]

If you want a nerdy deep dive Troy Hunt offers a in-depth look into and even some back and forth that happened: https://www.troyhunt.com/gab-has-been-breached/

 

[Razmos]

Oh no.

Reading that side bar content has almost given me an ulcer.

Click to shrink...

Absolutely vile, and that's just the headlines lol imagine the user created content

 

[Slayven]

To truly own the libs, you yourself have to be owned

 

[Ashlette]

It's scary that some people look at that site's headlines on the right and say "hmm, this is fine".

If that site was shut down for good, nobody would miss it. Nobody important anyways.

 

[Crossing Eden]

 

[FormatCompatible]

 

[DiipuSurotu]

Does this kind of hacking keep happening to those sites because they are very frequently targeted, or is this because they have shit security?

 

[ThisThingIsUseful]

Does this kind of hacking keep happening to those sites because they are very frequently targeted, or is this because they have shit security?

Click to shrink...

The latter, I'm pretty sure. You have to think sites like Facebook, Twitter, Instagram, hell stuff like NBCNews.com are targeted frequently.

If you want a nerdy deep dive Troy Hunt offers a in-depth look into and even some back and forth that happened: https://www.troyhunt.com/gab-has-been-breached/

Click to shrink...

This has been a really good read, thanks!

 

[CreepingFear]

It's scary that some people look at that site's headlines on the right and say "hmm, this is fine".

If that site was shut down for good, nobody would miss it. Nobody important anyways.

Click to shrink...

Those are tame compared to some of the stuff I saw shared on Facebook during the Obama years. I unfollowed people before finally quitting Facebook altogether.

 

[FormatCompatible]

 

[CreepingFear]

There's a term in the IT industry about people knowing just enough to get themselves in trouble. Well, the people that started Gab and Parler knew just enough to start a website, but not to keep it secure.

 

[DanarchyReigns]

Click to shrink...

Pfffffft. Not even trying with the excuse.

Also, "protect Free Speech" yet nobody can reply to this thread.

 

[PeakPointMatrix]

Click to shrink...

*sees disabled replies*

Of course, no freeze peaches for me.

 

[Fat4all]

just a little gab'll screw ya

 

[Humidex]

OH NO.

anyway.

 

[Psittacus]

8 BTC is too high, they should have made it laughably low to really drive the point home

 

[impingu1984]

Click to shrink...

Hackers are hacking you cos you are so easy to own... Not purging Auth tokens having owned the first time .... Come on.. this isn't hard..

It's almost as if these right wing platforms aren't run by professionals or something

 

[ThisThingIsUseful]

It's almost as if these right wing platforms aren't run by professionals or something

Click to shrink...

Hmm.



You may be onto something here.

 

[boxter432]

Click to shrink...

Err why aren't they banned from Twitter??

 

[IggyChooChoo]

When will I get to search for the posts of my second cousin-in-law? She quit Facebook last October after her posts about Hillary drinking children's blood kept getting taken down, and I need to know exactly how crazy she got on Gab/Parler in case she and my second cousin ever get back together!

 

[TarpitCarnivore]

There's a term in the IT industry about people knowing just enough to get themselves in trouble. Well, the people that started Gab and Parler knew just enough to start a website, but not to keep it secure.

Click to shrink...

The founder of Gab was formerly part of YC before getting kicked out

 

[Weltall Zero]

Oh no.

Click to shrink...

Anyway.

 

[Deleted member 75954]

Captain Jack Sparrow confirmed for antifa.

Err why aren't they banned from Twitter??

Click to shrink...

Because even Gab doesn't want to use Gab.