Article Lead Image

Someone hacked Imgur to DDoS 4chan and 8chan

The perpetrator remains unknown

 

Mike Wehner

Tech

Posted on Sep 22, 2015   Updated on May 27, 2021, 10:37 pm CDT

Imgur, the photo-sharing website best known for adorable cat GIFs and newly minted memes, has been exploited in a traffic-based attack on the popular imageboards 4chan and 8chan.

The distributed denial-of-service (DDoS) attack, first publicized by an Imgur employee on Reddit, used Imgur links to send huge amounts of traffic to 4chan and 8chan. Whenever a user on Reddit’s 4chan subreddit clicked on an Imgur link, the link opened a hidden window off of the user’s screen and loads hundreds of image files located on the 4chan/8chan servers, effectively destabilizing the sites and slowing down legitimate traffic to them.

Several Reddit users initially suggested that Imgur employees deliberately added the malicious code to their site, but most people commenting on the attack assumed that it was an external breach. As it turns out, neither seems to be true.

The Imgur employee who described the attack said that, while Imgur itself wasn’t hacked, the company did discover an exploit in its code that facilitated the attack.

“Someone managed to upload an HTML file with malicious JavaScript inside of it that targeted 8chan,” the employee wrote. “We patched this bug and it’s no longer possible to upload those files. We’re also not [serving] those bad files anymore.”

While the vulnerability may have been fixed, it’s still important to take precautionary steps if visited the 4chan subreddit or suspect that you may have clicked an infected Imgur link. To be safe, you should clear your browser’s cache, including your browsing data and cookies. 

Illustration by Max Fleishman

Share this article
*First Published: Sep 22, 2015, 4:23 pm CDT