Infamous Internet imageboard and wretched hive of scum and villainy 4chan was apparently hacked at some point Monday evening and remains mostly unreachable as of this writing. DownDetector showed reports of outages spiking at about 10:07 pm Eastern time on Monday, and they’ve remained elevated since.
Posters at Soyjack Party, a rival imageboard that began as a 4chan offshoot, claimed responsibility for the hack. But as with all posts on these intensely insular boards, it’s difficult to separate fact from fiction. The thread shows screenshots of what appear to be 4chan’s PHP admin interface, among other screenshots, that suggest extensive access to 4chan’s databases of posts and users.
Security researcher Kevin Beaumont described the hack as “a pretty comprehensive own” that included “SQL databases, source, and shell access.” 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version.
In other words, there’s a possibility that the hackers have gained pretty deep access to all of 4chan’s data, including site source code and user data.
Some widely shared posts on social media sites have made as-yet-unsubstantiated claims about data leaks from the outage, including the presence of users’ real names, IP addresses, and .edu and .gov email addresses used for registration. Without knowing more about the extent of the hack, reports of the site’s ultimate “death” are probably also premature.
