Kiwi Farms is a website that hosts user-generated content and discussion forums. The site has been accused of doxing, harassment, and cyberbullying. Last month Hackread.com reported about Kiwi Farms and Cloudflare issues and now, reports are that the website has been hit by a cyber attack.
According to Kiwi Farms’ creator Joshua Moon, the site (kiwifarms dot net)has become a victim of a data breach leading to hijacking his administrator account and possibly users’ accounts.
Data Breach Details
Cybersecurity researcher Kevin Beaumont says that someone hacked Kiwi Farms website and proxy service after which all avatars were replaced with the logo of another “free speech” forum, and deleted every node on the forum index one at a time.
However, since Kiwi Farms had backups, none of the data was deleted permanently but the personal information of users could have been compromised.
How The Hack Occurred?
According to Joshua Moon, the site’s offshore hosting provider was compromised, and the hacker(s) accessed an unknown number of user accounts and his admin account using the session hijacking technique.
In this method, the attacker obtains authentication cookies set by the site after an account holder logs in successfully by entering valid authentication credentials and completing 2FA verification.
The attacker could perform this technique after uploading malicious content on a site XenForo, which Kiwi Farms uses to run its user forums.
Per Moon, the attacker uploaded a webpage disguised as a ‘.opus’ audio file on XenForo and elsewhere may be through an inline frame. This caused random users to generate automated requests and send their authentication cookies outside of the site. The attacker then used them to access their accounts.
The same mechanism was used to hack Moon’s admin account. Once there, the attacker issued a command for XenForo to send data of all users, but the system logs couldn’t fulfill this command.
What Data was Leaked?
Moon stated that he was unsure if user information was leaked. Analysis of his access logs revealed that the attackers tried to download all user records in one go, which caused an error, and the attempt remained fruitless.
Moon assured users of Kiwi Farms that their emails, posts, usernames, recent activity, and other sensitive data were safe. However, the possibility that the attacker issued other commands or scripts that were successfully executed cannot be ruled out at this point, Moon noted.
Launched in 2013, Kiwi Farms has remained in hot waters lately. The forum has been accused of cyberbullying and frequently targeting non-binary, transgender people, LGBTQ community members, and females.
Cybersecurity experts had long anticipated hackers would eventually target the site because of its involvement in swatting and doxing activities. Eventually, on Monday, the forum’s creator posted a notice on the site to alert users about the hack, claiming that user passwords, IP addresses, and emails may have been stolen.
- New tool lets teens report, remove their nude photos online
- Firm calls cops on researcher for responsibly disclosing data leak
- 4chan hackers tried changing voting results of NASA student challenge
- WT1SHOP Cybercrime Market Seized by US and Portuguese Authorities
- FBI Seizes RaidForums and Arrests Alleged Founder Diogo Santos Coelho