A discussion forum accused of facilitating targeted trolling attacks, cyberstalking, and online harassment campaigns has been hacked.
Kiwi Farms admitted the breach in a statement on its website and the Telegram messaging forum.
“Assume your password for Kiwi Farms has been stolen,” it said. “Assume your email [and] any IP [internet protocol] you’ve used on your account in the past month has been leaked.”
The unknown hacker attempted to export 120,000 user data files, which had led to the site crashing. It is believed that Vsys, an offshore hosting site used as a proxy by Kiwi Farms, was compromised, resulting in the breach.
“I do not know for sure if any information was leaked,” said the site’s admin, believed to be Kiwi Farms founder Josh Moon. “In my access logs, they attempted to download all user records at once. This caused an error and no output was returned.”
The admin shut the website down shortly after and pledged to restore it to a backup version dating from September 17.
Kevin Beaumont, a cyber-pundit who also goes by his Twitter handle @GossiTheDog, said the hack had probably been augmented by a remote-code execution script called Troonshine that gathered data and credentials from users of the extremist forum and sent it to a website named after coded offensive language used by Kiwi Farms.
“Poz.hiv was redirecting to http://poz.com – a legit site – up until several weeks ago,” said Beaumont. “A cached copy of the script suggests somebody basically put an in-browser infostealer on Kiwi Farms.”
He added: “The branding of the scripts and domains is all Kiwi Farms forum language. HIV is used there to mean gay people, troon is trans. It would not surprise me if this was an insider threat within the community itself.”
“They look very, very owned,” was Beaumont’s laconic final assessment.
Earlier this month, Cloudflare withdrew cybersecurity services from Kiwi Farms, bowing to growing pressure that it stop supporting the forum, which has been accused of facilitating cyberstalking and bigotry.
Announcing the move, Cloudflare’s chief executive Matthew Prince said growing evidence of threatening behavior by Kiwi Farms users had caused it to reverse an earlier decision to keep protecting the site from cyberattacks.
Since its inception in 2013, Kiwi Farms has garnered a controversial reputation. Accused of targeting LGBTQ and female victims, it has been blamed by some for the suicides of three people who were singled out by users of the platform.
NB: This article was amended on September 21
More from Cybernews:
Subscribe to our newsletter