Notorious 4chan Forum Hacked and the Internal Data Leaked
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The notorious online message board 4chan experienced a significant security breach, with hackers reportedly accessing and leaking sensitive internal data including source code, moderator information, and administrative tools.
The site was taken offline for several hours as administrators attempted to mitigate the damage, and has since been functioning only intermittently.
4chan Hack Exposes Source Code and Admin Data
According to The Register, the attackers gained complete shell access to 4chan’s servers, allowing them to extract sensitive data and temporarily control the platform’s functionality. The breach exposed:
source code leak
Security analysts have attributed the vulnerability to 4chan’s outdated technical infrastructure.
“The hack was likely caused by 4chan using an extremely out-of-date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated functions to interact with [their] MySQL database,” reported security researcher Yushe.
Security researcher Kevin Beaumont described the incident as “a pretty comprehensive [compromise] including SQL databases, source and shell access”
Rival Forum Claims Responsibility
A group associated with rival imageboard Soyjak Party (colloquially known as “Sharty”) has claimed responsibility for the attack.
In a post on their platform, they stated: “Today, April 14, 2025, a hacker, who has been in 4cuck’s system for over a year, executed the true operation soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site”.
The attack appears motivated by long-standing tensions between the two communities. Soyjak Party was reportedly formed by former members of 4chan’s /qa/ board after it was banned in 2020.
The attackers demonstrated their control over the system by temporarily restoring the previously banned /qa/ board and defacing it with the message “U GOT HACKED XD”. This action confirmed they had gained administrative privileges within the system.
Security expert Alon Gal, co-founder of cybercrime monitoring company Hudson Rock, stated that the hack “looks legit,” citing publicly circulating screenshots showing 4chan’s backend infrastructure.
The exposure of moderator emails potentially compromises the anonymity 4chan has long promised.
Some leaked email addresses reportedly include .edu and .gov domains, raising questions about who has been moderating the controversial platform.
As of writing, 4chan remains intermittently available as administrators work to contain the breach and restore services. No official statement has been released by 4chan’s management regarding the extent of the attack or the timeline for complete restoration.
This incident represents one of the most significant security breaches in 4chan’s two-decade history, potentially marking a turning point in how anonymous platforms approach their security infrastructure.
#Cyber_Security #Cyber_Security_News #Data_Beach #Php #Vulnerability
Оригинальная версия на сайте:
Notorious 4chan Forum Hacked and the Internal Data Leaked
Author: KaaviyaThe notorious online message board 4chan experienced a significant security breach, with hackers reportedly accessing and leaking sensitive internal data including source code, moderator information, and administrative tools.
The site was taken offline for several hours as administrators attempted to mitigate the damage, and has since been functioning only intermittently.
4chan Hack Exposes Source Code and Admin Data
According to The Register, the attackers gained complete shell access to 4chan’s servers, allowing them to extract sensitive data and temporarily control the platform’s functionality. The breach exposed:
- The complete PHP source code of the site, including the main file “yotsuba.php” that manages posting and reporting functions.
- Email addresses and contact information of approximately 218 moderators, administrators and “janitors” (lower-level moderators).
- Backend administration panels that provide access to user IP addresses and location data.
- Database content accessible through the site’s phpMyAdmin interface.
source code leakSecurity analysts have attributed the vulnerability to 4chan’s outdated technical infrastructure.
“The hack was likely caused by 4chan using an extremely out-of-date version of PHP that has a lot of vulnerabilities and exploits and are using deprecated functions to interact with [their] MySQL database,” reported security researcher Yushe.
Security researcher Kevin Beaumont described the incident as “a pretty comprehensive [compromise] including SQL databases, source and shell access”
Rival Forum Claims Responsibility
A group associated with rival imageboard Soyjak Party (colloquially known as “Sharty”) has claimed responsibility for the attack.
In a post on their platform, they stated: “Today, April 14, 2025, a hacker, who has been in 4cuck’s system for over a year, executed the true operation soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site”.
The attack appears motivated by long-standing tensions between the two communities. Soyjak Party was reportedly formed by former members of 4chan’s /qa/ board after it was banned in 2020.
The attackers demonstrated their control over the system by temporarily restoring the previously banned /qa/ board and defacing it with the message “U GOT HACKED XD”. This action confirmed they had gained administrative privileges within the system.
Security expert Alon Gal, co-founder of cybercrime monitoring company Hudson Rock, stated that the hack “looks legit,” citing publicly circulating screenshots showing 4chan’s backend infrastructure.
The exposure of moderator emails potentially compromises the anonymity 4chan has long promised.
Some leaked email addresses reportedly include .edu and .gov domains, raising questions about who has been moderating the controversial platform.
As of writing, 4chan remains intermittently available as administrators work to contain the breach and restore services. No official statement has been released by 4chan’s management regarding the extent of the attack or the timeline for complete restoration.
This incident represents one of the most significant security breaches in 4chan’s two-decade history, potentially marking a turning point in how anonymous platforms approach their security infrastructure.
#Cyber_Security #Cyber_Security_News #Data_Beach #Php #Vulnerability
Оригинальная версия на сайте:
