4chan reportedly hacked

An unknown attacker reportedly gained full access to the server hosting the controversial Internet forum 4chan and leaked details about its source code and database online.

Outage tracker Downdetector shows that the site has been offline since around 04:00 this morning, and the site remained non-functional at the time of publication.

4chan was launched by Christopher “moot” Poole in October 2003 when he was still a teenager. He remained the site’s administrator until 2015.

Google hired Poole in 2016 to work on the Google+ social network. When Google+ failed, he became a product manager of Google Maps. He left the company in 2021.

Based on reports from users about the hack, the attacker reopened 4chan’s /qa/ discussion board, where they posted details about the attack.

4chan’s /qa/ forum was intended as a meta discussion board for questions and answers about the site itself. It was closed several years ago after being overrun with spam and off-topic content.

Screenshots of the /qa/ thread posted online show that the attackers were promoting a rival image board, claiming they had “won”.

In a thread on the rival board, an anonymous user claimed that the hacker leaked 4chan’s code and the personal information of staff after being in its system for over a year.

The user claimed a 4chan admin took its servers offline in an attempt to control the damage, explaining why the site was only intermittently available.

The screenshots also showed that the attacker appeared to have gained administrative access to 4chan.

One image showed an internal discussion in /j/, a private board for moderators, who are called janitors or “jannies” by the site’s users.

The moderators’ email addresses were also released as part of the leak, and users remarked that a significant number of them ended in .edu.

.edu is the top-level domain used by many educational institutions in the United States.

Not updated since at least 2016

Joshua Moon, the founder and operator of another rival and arguably even more controversial forum, posted on Twitter/X that 4chan was running on an extremely old operating system.

It appeared as though the new owners of 4chan had done nothing since buying it from Poole ten years ago.

“My theory on 4chan’s hack is that he found the origin IP of the root server through Cloudflare somehow, then used a public exploit,” Moon said.

“They’re running FreeBSD 10.1, which reached end-of-life in 2016. I don’t think anyone has updated it since moot left.”

Another Twitter user who goes by the name “Please Stop Talking Comics” highlighted that, in addition to the old version of FreeBSD, the 4chan code itself was very poorly constructed.

“Almost the entirety of 4chan is a badly formatted, mostly uncommented 10,000+ line file called imgboard.php,” they said.

“Some functions, like the one that makes a new post, are over 2000(!!!) lines long.”