Nearly every single day on 4chan’s most notorious imageboard, a millionaire offers to dole out cash for free, a horny dude asks for pictures of Chloe Grace Moretz, and a bored teen asks people to critique the size of his penis.
This is 4chan’s /b/, an artistic work “of fiction and falsehood” in which “only a fool would take anything posted here as fact,” as the forum clearly states.
So last week, when a handful of threads claiming 4chan, a imageboard founded more than a decade ago by Christopher “moot” Poole, was hacked, the initial reaction was to scoff.
Turns out the rumors were indeed true and it may have been as bad as people thought.
In a post early Wednesday morning on 4chan’s official blog, Poole stated that an intruder eager to expose the posting habits of a user he or she was upset with accessed “administrative functions and information from one of our databases.”
“After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database,” Poole added. “Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted.”
4chan moderators can delete posts from boards they are assigned to. The site also has volunteer “janitors” who go through an interview process in order to gain “access to the report system and may delete posts on their assigned board(s), as well as submit ban requests.”
As part of the hack, three users who had spent spent money on 4chan passes had their credential accessed. A 4chan Pass costs $20 a year and allows people to “bypass typing a CAPTCHA verification when posting and reporting posts on the 4chan image and discussion boards.” These three users were notified of the hack, offered full refunds and lifetime passes.
“As a reminder, all payment information is processed securely by Stripe—we never see nor store any of it, and thus no payment information was compromised,” Poole added. “We patched the vulnerability quickly after it came to our attention, and have spent—and will continue to spend—dozens of hours poring over our software and systems to help mitigate and prevent future intrusions.”
The Imgur album with screengrabs of the hack was taken down becuase it contained IP addresses for 4chan users who were affected.