Kiwi Farms says it has been hacked and user details leaked

Audio participant loading…

Controversial on-line discussion board Kiwi Farms has reportedly been hacked, with the consumer particulars of some accounts being leaked in consequence.

The positioning, which describes itself as a “neighborhood devoted to discussing eccentric individuals who voluntarily make fools of themselves”, has had a particularly muddied historical past because it was based in 2013, being linked to at the least three suicides and to the 2019 Christchurch Mosque taking pictures in New Zealand. 

Kiwi Farms has struggled to search out assist throughout the tech trade, with cloud hosting infrastructure firms Cloudflare and DDoS-Guard just lately selecting to stop providing their services to the site, inflicting it to grow to be overrun by DDOS assaults.

What really occurred?

Joshua Moon, the defacto chief of the web site stated in a statement (opens in new tab) that “a nasty actor was in a position to add a webpage disguised as an audio file” to XenForo, utilizing the .OPUS lossy audio coding format.

ZenForo is a industrial Web discussion board software program package deal used to construct boards similar to Kiwi Farms

In response to Moon, the attacker was then “in a position to load this webpage (most likely as an inline body), inflicting random customers to make automated requests and ship their authentication cookies off-site, in order that the attacker might use it to achieve entry to their account”.

Moon added; “As soon as they’d entry to the ACP, they tried to obtain consumer information, and XenForo offers a technique to export consumer lists with info that’s exact: e-mail, username, final exercise, register date, consumer state (banned/unverified), publish rely, and if they’re employees.”

Nonetheless, the hackers requests  “didn’t seem to undergo as a result of they requested too many data directly” in keeping with the administrator. 

Moon admitted that his personal admin account “was compromised via this mechanism”.


Kiwi Farms’ assertion on the matter stated all customers ought to assume their passwords have been stolen

As well as, customers ought to assume that their e-mail addresses have been leaked and they need to additionally assume any IP they’ve used on their Kiwi Farms account within the final month has been leaked.

  • Need to hold your group secure and safe? Take a look at our information to the best firewalls


Leave a Reply

Your email address will not be published.