On April 14th, 4chan was hacked by an anonymous hacker affiliated with Soyjak.party.
Initial reports referencing a 4chan hack alleged Soyjak.party members may have been involved in the attack. Some reports also claimed that hackers stole 4chan’s source code.
A previously banned board on 4chan briefly appeared online and was defaced with a message saying, “U GOT HACKED XD.” Following this, users on Soyjak.party started posting alleged doxes, including photos and personal information, of the accounts included in the leak.
Following a series of outages on Monday night and Tuesday, speculation grew that the site had been hacked.
Multiple email addresses, including those of official moderators and admins who surveilled image boards on 4chan, were leaked. Most of these email addresses were sensitive and linked to Gmail, but some used Proton Mail or other providers. Additionally, janitors’ email addresses were also leaked.
A breach of the website could represent a significant exposure of data that was intended to be private.
4chan had site vulnerabilities and used a deprecated version of PHP retired in 2013. Hackers exploited these weaknesses, injecting malware and gaining administrator permissions. It was rumored that a malicious PDF file infected the site. Hackers used a reverse shell to remotely access the server and gain administrative autonomy.
4chan faces financial constraints due to its limited profit, which could strain its relationships with advertisers and payment providers.
On Friday, 4chan made its comeback after a short break, marking a resurrected revival after it went offline 2-weeks ago.
Administrators later disclosed that a hacker with a UK IP address exploited a vulnerability in 4chan’s system by uploading a malicious PDF file, allowing them to infiltrate a server, extract sensitive data, including database tables and parts of the site’s source code.
The platform’s founder said he spent hours poring over his software and systems to prevent future intrusions.
This breach highlights the urgent need for 4chan to strengthen cybersecurity and protect user data. As digital threats evolve, platforms like 4chan must adapt or risk everything.
Moving forward, the incident may prompt a broader conversation about the security standards of online communities and their responsibility to safeguard user information.
