The worlds most popular image sharing bulletin board today admitted that it had faced a security breach last week. In a blog post, 4chan’s founder, Christopher Poole aka ‘moot’ acknowledged that the popular image bulletin board had suffered a intrusion. As per the blog post, the intrusion was possible because of a software vulnerability that allowed the hacker to access the 4chan administrative functions and information from one of its databases.
‘moot’ has not explained what the software vulnerability was that let the hacker/s get access to 4chan servers, but said that the hackers were actually targeting a specific moderator whom they seem to dislike.
“The intruder later stated their motive was to expose the posting habits of a specific user they disliked.”
4chan is a very popular imageboard website which lets users post images anonymously. The popularity of 4chan is due to the fact that users dont require to register themselves. It was started October 1, 2003 with a aim of posting pictures and discussion of manga and anime like popular Japanese imageboards. Due to its discretionary user policies it went on to become world’s most popular image bulletin board.
‘moot’ said that the attacker was only able to hack into the image-boards moderation panels and some tables in the 4chan back-end database. ‘moot’ also said the footprint of the hacker was recorded on 4chan’s logs. Is seems that from this logs, 4chan admin have deduced that the hacker or hackers may be after a specific moderator.
“Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted”
4chan discovered that the hackers were able to access Pass credentials of three 4chan Pass users. 4chan has notified these effected Pass holders and offered refunds and lifetime Passes shortly after the discovery. ‘moot’ also allayed fears that the hackers may have accessed any payment information. In the same post he said that 4chan’s payment was processed by Stripe hence no data was stored on 4chan servers.
From the above brief, it looks like a tale of some strict board moderation gone sour with some of the user/s who then may have illegally accessed the 4chan servers to create some mischief with the ‘disliked’ moderators account.