TL;DR
A hacker using the name Martha Root remotely wiped three white supremacist websites during a presentation at the Chaos Communication Congress in Hamburg. The attacker published scraped profile data and DDoSecrets has taken custody of a larger dataset while the sites remain offline and the administrator vows retaliation.
What happened
At the end of a talk at the annual Chaos Communication Congress in Hamburg, a pseudonymous hacktivist who identifies as Martha Root remotely deleted the servers hosting three white supremacist sites: WhiteDate, WhiteChild and WhiteDeal. Root — reportedly dressed as the Pink Ranger from the Power Rangers — presented alongside journalists Eva Hoffmann and Christian Fuchs, who previously reported on the sites for Die Zeit. The sites were taken offline and, according to Root, data scraped from WhiteDate was published online; that dataset included user profiles with names, images, ages, location fields (including precise coordinates), gender, language, race and other uploaded personal information. Root said no emails, passwords or private messages were present in the published extract. The sites’ administrator confirmed the intrusion on social media, called the action cyberterrorism and said consequences would follow. TechCrunch was unable to independently verify the administrator’s identity or obtain a response to outreach. DDoSecrets says it has received a roughly 100 GB dataset from the three sites and is offering access to verified reporters and researchers.
Why it matters
- The incident highlights how extremist platforms can be targets of direct action that blurs protest, journalism and illegal hacking.
- Published scraped data reportedly contained precise geolocation metadata, raising privacy and physical-safety concerns for users featured on those sites.
- Use of automated tools to bypass site verification underscores security weaknesses on niche platforms and the evolving tactics attackers employ.
- Custody of the dataset by an archival group and its limited availability to journalists raises questions about responsible handling and disclosure of leaked personal information.
Key facts
- Event: Chaos Communication Congress (39C3), held in Hamburg, Germany.
- Per reporting, the hacker used the pseudonym Martha Root and appeared in a Power Rangers costume during the talk.
- Sites affected: WhiteDate, WhiteChild and WhiteDeal; all three were taken offline after the action.
- Co-presenters: journalists Eva Hoffmann and Christian Fuchs, who previously wrote about the sites for Die Zeit.
- Root published scraped data from WhiteDate containing profiles with names, pictures, ages, precise coordinates for location fields, gender, language, race and other user-provided information.
- According to Root’s summary of the leak, WhiteDate had more than 6,500 users with an approximate gender split of 86% men and 14% women.
- Root said the breach leveraged AI chatbots that bypassed site verification and were marked as “white” during the verification process (as described in the talk abstract).
- The administrator of the three sites acknowledged the intrusion on social media, alleging the action amounted to cyberterrorism and saying there would be repercussions.
- DDoSecrets reported receipt of files and user information from the three sites, describing the collection as “WhiteLeaks” and offering access to verified journalists and researchers to request the full 100 GB dataset.
- Root, Hoffmann and Fuchs say they have identified the sites’ administrator as a woman from Germany, a claim TechCrunch could not independently confirm; outreach to the administrator received no response.
What to watch next
- Whether the three websites return online and whether their administrator follows through on promised reprisals — not confirmed in the source.
- If DDoSecrets will publish more of the dataset publicly or continue to restrict access to vetted journalists and researchers.
- Any law enforcement inquiries, legal action or formal investigations into the deletion and data publication — not confirmed in the source.
Quick glossary
- Chaos Communication Congress (39C3): An annual conference in Germany focused on technology, digital rights, security and hacking culture.
- Hacktivist: An individual who uses hacking techniques to advance a political or social agenda, often targeting organizations or platforms seen as objectionable.
- DDoSecrets: A nonprofit collective that archives and provides access to leaked datasets claimed to be in the public interest.
- AI chatbot: A software agent that uses artificial intelligence to simulate conversation and can be used to automate interactions with websites and services.
- Geolocation metadata: Location information embedded in files such as images that can reveal precise physical coordinates where a file was created or uploaded.
Reader FAQ
Who carried out the deletion of the sites?
The action was attributed to a pseudonymous hacker calling themself Martha Root.
How were the sites accessed according to the presentation?
Root said they used AI chatbots to bypass verification processes and the bots were accepted as “white,” per the talk abstract.
Were account passwords or private messages exposed?
According to Root’s statement about the published extract, there were no emails, passwords or private conversations included.
Has the administrator been identified or confirmed?
Root and the journalists say they identified the administrator as a woman from Germany, but TechCrunch could not independently confirm that claim.
Is there information on legal consequences or investigations?
Not confirmed in the source.
A hacktivist remotely wiped three white supremacist websites live on stage during their talk at a hacker conference last week, with the sites yet to return online. The pseudonymous hacker,…
Sources
- Hacktivist deletes white supremacist websites live on stage during hacker conference
- Hacktivist deletes white supremacist websites live on stage …
- Researcher Wipes White Supremacist Dating Sites, Leaks …
Related posts
- Offshore wind firms sue over Trump administration halt to $25B projects
- Web Developer Posts Public Payment-Demand Notice on Client’s Website
- Singularity rootkit targets modern Linux kernels with SELinux bypass