Cyber Incident Victim: 8chan

On January 8, 2015, the imageboard site 8chan.co and its Japanese sibling site 2ch.net became inaccessible due to a distributed denial of service (DDoS) attack claimed by the hacking group Lizard Squad. The group leveraged its recently launched "Lizard Stresser" service, which allowed third parties to pay between $6 and $500 to direct DDoS attacks against targets of their choice, with attack durations lasting up to 500 minutes concurrently. Investigative reporting had previously revealed that Lizard Stresser was copied from an established DDoS-for-hire platform and that the group had accidentally exposed data on all 1,700 of its registered users. 8chan founder Fredrick Brennan publicly acknowledged the outage but cautioned that attribution remained unconfirmed, urging users not to trust rumors about the attackers' identities. He described the assault as "a regular dumb ICMP/SYN attack" and shared a server downtime graph illustrating the disruption.

The attack bypassed 8chan’s Cloudflare anti-DDoS protections after perpetrators discovered the site’s real IP address. Brennan announced plans to restore service within 12 hours but acknowledged potential delays requiring separate temporary server infrastructure for up to two weeks. 2ch.net was restored earlier by severing its connection to 8chan’s compromised network. Brennan noted law enforcement prioritization challenges, citing Lizard Squad’s high-profile attacks against Microsoft and Sony as precedents that drew arrests, while an attack on a smaller platform like 8chan would likely receive less immediate attention. The incident occurred amid broader controversies surrounding 8chan’s unmoderated content policies, which had previously led crowdfunding platform Patreon to reject the site’s fundraising efforts over concerns about illegal material, including child exploitation imagery and doxxing. No user data breaches or arrests related to this specific attack were reported in the immediate aftermath.