Gab CEO Andrew Torba confirmed Monday that the breach of Gab by sexually deviant left-wing hackers earlier in the day was not, in fact, a new attack on the website’s infrastructure, and actually relied on harvested authorization tokens taken during the original hack in February.
“The attacker who stole data from Gab harvested OAuth2 bearer tokens during their initial attack,” Torba revealed in a statement. “Though their ability to harvest new tokens was patched, we did not clear all tokens related to the original attack. By reusing these old tokens, the attacker was able to post 177 statuses in an 8-minute period today. We have not independently verified the information that the hacker posted is authentic.”
Torba continued, “Gab immediately took the site offline, suspecting this was a new attack. We have been able to confirm it was not a new attack, have cleared all compromised tokens, and are requiring users to log in again. As this is not a new attack and no new data has been compromised, there is no need to change your password or take any other action.”
“We apologize for the inconvenience, and are very confident this will not happen again,” the Gab CEO added.
National File reported earlier today on the original breach that saw spam statuses appear on the timelines of verified accounts for a very brief amount of time:
Left-wing transgender hackers secured access to hundreds of Gab accounts on Monday, posting spam messages that attacked Gab CEO Andrew Torba and Gab’s “despicable users.” The website went offline shortly after the breach, likely as a short term security measure.
The hackers, who appear confident that they will not face justice for their illegal actions from law enforcement officials sympathetic to their accounts, focused on verified accounts during Monday’s hack, including the National File Gab account.
Gab CEO Andrew Torba slammed the attack by “mentally ill tranny demon hackers” when news of the data breach first surfaced in February, and stated “we are working with our partners in law enforcement on this issue.”
Gab has refused to comply with the illegal demands made by the hackers, and it appears the breach has had little effect in dissuading the website’s intensely loyal user base from using the free speech platform.