Andrew Torba's response: https://gab.com/a/posts/105857352965159221
The attacker who stole data from Gab harvested OAuth2 bearer tokens during their initial attack. Though their ability to harvest new tokens was patched, we did not clear all tokens related to the original attack. By reusing these old tokens, the attacker was able to post 177 statuses in an 8-minute period today. We have not independently verified that the information the hacker posted is authentic.
Gab immediately took the site offline, suspecting this was a new attack. We have been able to confirm it was not a new attack, have cleared all compromised tokens, and are requiring users to log in again. As this is not a new attack and no new data has been compromised, there is no need to change your password or take any other action.
We apologize for the inconvenience, and are very confident this will not happen again.
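The failure the statement describes, a fix that stops new token theft but leaves already-issued bearer tokens valid, is sketched below together with the containment step and a burst check. This is an added example, not Gab's code: `TokenStore`, `revoke_issued_before`, `max_burst` and all sample tokens, users and timestamps are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Token:
    user: str
    issued_at: datetime
    revoked: bool = False

class TokenStore:
    def __init__(self):
        self._tokens = {}

    def issue(self, value, user, issued_at):
        self._tokens[value] = Token(user, issued_at)

    def is_valid(self, value):
        tok = self._tokens.get(value)
        return tok is not None and not tok.revoked

    def revoke_issued_before(self, cutoff):
        # Containment: anything minted while the leak was open is treated as stolen.
        hit = [t for t in self._tokens.values() if not t.revoked and t.issued_at <= cutoff]
        for t in hit:
            t.revoked = True
        return sorted({t.user for t in hit})  # accounts that must log in again

def max_burst(timestamps, window):
    # Largest number of events inside any sliding window of the given length.
    ts = sorted(timestamps)
    best = start = 0
    for end, t in enumerate(ts):
        while t - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def demo():
    patched = datetime(2021, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed fix time
    store = TokenStore()
    store.issue("tok-a", "alice", patched - timedelta(days=3))   # issued while exposed
    store.issue("tok-b", "bob", patched - timedelta(hours=1))    # issued while exposed
    store.issue("tok-c", "carol", patched + timedelta(hours=2))  # issued after the fix
    replay_ok = store.is_valid("tok-a")  # the patch alone leaves the old token usable
    relogin = store.revoke_issued_before(patched)
    # Constructed posting burst: 177 statuses, 2 seconds apart.
    posts = [patched + timedelta(days=7, seconds=2 * i) for i in range(177)]
    return (replay_ok, relogin, store.is_valid("tok-a"),
            store.is_valid("tok-c"), max_burst(posts, timedelta(minutes=8)))

if __name__ == "__main__":
    print(demo())
```

Revoking by issue time rather than by a list of known-stolen values avoids depending on knowing exactly which tokens were harvested.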