The anonymous image board 4chan has managed to persist through numerous controversies over the years. It has endured user and advertiser boycotts and faced serious accusations of harboring hate speech that may have contributed to mass shootings. Users have reportedly gathered on 4chan to coordinate hacks such as DDoS attacks, and conspiracy theories that originated on the site are said to have played a role in inspiring the January 6 insurrection at the United States Capitol. Recently, the platform encountered a new challenge as a series of outages prompted speculation that it had been hacked.
4chan’s primary feature is its ability to allow users to post text and images anonymously, though the platform does collect information about users, including their IP addresses. Therefore, a breach of the site could result in substantial exposure of data intended to remain private.
Ian Gray, director of analysis and research at Flashpoint, notes that 4chan allows for content that is often offensive and hateful, and any leaked content, if authentic, could compromise the anonymity of 4chan’s administrators, moderators, and janitors. Gray suggests that the image board’s reputation as an “anonymous” platform may have provided users with a misleading sense of security. Some registered their email addresses years ago when they were less conscious of their operational security.
Reports about a potential hack emerged when a previously banned board on 4chan briefly reappeared online, and the site was defaced with a message reading, “U GOT HACKED XD.” An account on Soyjak.party, a competing forum, later posted screenshots allegedly revealing 4chan’s backend systems and a list of supposed administrator and moderator usernames with associated email addresses. Following this, Soyjak.party users began posting alleged doxes, which included photos and personal information of individuals from the leaked data.
WIRED has been unable to confirm the legitimacy of the data. Emails sent to a 4chan press address and to two purported administrator emails from the leaked data did not receive an immediate response regarding the hack and its authenticity. According to a TechCrunch report, one of the site’s moderators expressed the belief that the hack and leaks were genuine.
Additionally, rumors circulated that the breach resulted from 4chan’s use of outdated, unpatched software that left the platform vulnerable to attack. After a breach ten years ago, 4chan’s founder, Christopher Poole, known online as “moot,” had written about efforts to scrutinize the site’s software and systems to prevent future intrusions, expressing regret over the breach and a commitment to improve security.
Emiliano De Cristofaro, a computer science and engineering professor at UC Riverside, who has studied 4chan’s impact on the web, suggests that the consequences could be significant if the hack is verified. De Cristofaro notes that 4chan might not have been adequately maintained and patched over the years, making a hack likely. He also speculates that some “high profile” users exposed as moderators could become targets, and that 4chan’s recovery could be difficult, expensive, and slow, potentially marking the end of 4chan as it is known today.