End of an Era: 4chan Breached and Potentially Lost Forever
One of the most popular imageboards on the internet, considered to be the first form of a social media, 4chan got hacked 3 days ago (April 14 2025) by hackers from rival imageboard named Soyjack Party. Back in 2017, /qa/ board was added to the 4chan originally intended for questions and answers, but quickly evolved into a anarchy sub full of Soyjakcs. Later, this sub started raiding other subs, posting extreme homophobic and racist content, and messing with people who were posting pepe. They got locked in 2020 for raiding /lgbt/ and it mostly became a forgotten board on 4chan. /qa/ created their own imageboard Soyjack.party(soyjack.st) that took revenge on 4chan in April 2025 and restored /qa/ board before killing the website completely. Soyjacks leaked various data such as staff emails, chats and actually ban reason that are not shown to the users. They also revealed source code that revealed how 4chan fingerprints user browser to avoid ban evasion. This also included whole SQL database of 4chan which included list of banned users. Last post on the site was 'CHICKEN JOKEY' shown below.
How did they pull this off?
Majority of 'hacks' of websites and servers are done through social engineering, but Soyjacks Party confirmed that this hack was not done through social engineering but due to a glitch in 4chan's old system. 4chan was made with PHP, which is already super outdated but majority of the internet still uses it. Some of the boards (/gd/, /po/, /qst/, /sci/, /tg/) allowed users to upload PDF files, but also PostScript files that will be passed to GhostScript to generate a thumbnail. 4chan is using an outdated version of GhostScript (version 9.04) from 2012 which is vulnerable to exploits. This is another common way to breach websites: Identifying that they use old software and using exploits against them. Such exploits are publicly available at cve.org.
Exploit ID: CVE-2024-29510
Description: Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
They must have seen this coming
Using outdated software is the absolutely worse way you can get because how easy it is too prevent. Make sure to update your software periodically to avoid such cases on your applications and web servers. All anons can blame the breach on jannies and admins who never updated this shitty site with no proper security. Some of the staff used emails with their real full names and even .edu domains for their 4chan account which got leaked. This another big mistake by janitors that ended in them getting doxxed. Some users justify this breach by saying janitors usually are unfair to users banning them for biased reasons. I, myself, have been temporarily banned from 4chan for dumb reasons before. But I guess when there is absolute chaos, there is absolute anarchy.
As I'm writing this 4chan is offline, but it is not the first time they went dark and won't be the last time. Even though most big media outlets on the normie news say that this is the end of 4chan, I personally believe that, 4chan will come back with a damaged reputation but more popular than ever due to the recent news all over the web. So yes title of this post is kinda clickbait but it might be right after all who knows.
Hiro, the current owner of 4chan, has not made any announcements since the attack.
Comments
Post a Comment