Cyber Incident Victim: 4chan
Date:
Mar 2025
Location:
United States of America
Summary
4chan experiencedoutages and was defaced with a message claiming a hack, after which Soyjak.party posted screenshots of the site’s backend, a list of administrator and moderator usernames with associated email addresses, and alleged personal information of those accounts. The leaked data included IP addresses, deleted posts, and internal documentation, with claims that the hacker had accessed the system for an extended period and possibly stolen the source code. Experts noted that if the data is genuine the exposure could undermine the site’s promise of anonymity and affect its users, while also providing material for law‑enforcement investigations. The incident has prompted discussion about the site’s maintenance and its future viability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Mondaynight and Tuesday, 4chan experienced a series of outages that led to speculation that the site had been hacked. The outages were followed by the appearance of a defaced page displaying the message 'U GOT HACKED XD'. Shortly thereafter, an account on the rival forum Soyjak.party posted screenshots that allegedly showed 4chan’s backend systems and included a list of purported administrator and moderator usernames paired with email addresses. After the list was shared, Soyjak.party users began to publish alleged doxes consisting of photographs and personal information attributed to the accounts named in the leak. WIRED attempted to verify the authenticity of the material but received no response from the press email address associated with 4chan or from two of the alleged administrator addresses included in the leak. One of the site’s moderators told TechCrunch that they believed the hack and the leaked data were genuine.
Rumors circulated that the breach resulted from 4chan running legacy, unpatched software that had not been updated for years. References were made to a previous breach a decade ago, after which founder Christopher Poole wrote a blog post stating that the team had spent dozens of hours reviewing software and systems to prevent future intrusions. Posts on Soyjak.party claimed that the intruder had remained inside 4chan’s networks for more than a year and had exfiltrated data linked to both users and staff. Screenshots shared on Soyjak.party depicted what appeared to be administrator access to a 4chan backend database, user statistics for various boards, a page listing deleted posts together with the IP addresses from which they originated, and other internal documentation. Some of the reports accompanying the screenshots asserted that the attackers had also copied the site’s source code.
4chan has attracted attention from United States government officials due to its role in hosting extremist content and its association with real‑world violence. The site has remained online in part because of financial backing from a Japanese company. In June 2023, WIRED published an analysis of internal 4chan documents that described how the platform’s policies permitted racist language and allowed calls for violence to go unpunished by moderators. Since its inception in 2003, 4chan has persisted as a notable anonymous image board despite numerous controversies.