© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Trolling forum Kiwi Farms admits being hacked

A discussion forum accused of facilitating targeted trolling attacks, cyberstalking, and online harassment campaigns has been hacked.

Kiwi Farms admitted the breach in a statement on its website and the Telegram messaging forum.

“Assume your password for Kiwi Farms has been stolen,” it said. “Assume your email [and] any IP [internet protocol] you’ve used on your account in the past month has been leaked.”

The unknown hacker attempted to export 120,000 user data files, which had led to the site crashing. It is believed that Vsys, an offshore hosting site used as a proxy by Kiwi Farms, was compromised, resulting in the breach.

“I do not know for sure if any information was leaked,” said the site’s admin, believed to be Kiwi Farms founder Josh Moon. “In my access logs, they attempted to download all user records at once. This caused an error and no output was returned.”

The admin shut the website down shortly after and pledged to restore it to a backup version dating from September 17.

Kevin Beaumont, a cyber-pundit who also goes by his Twitter handle @GossiTheDog, said the hack had probably been augmented by a remote-code execution script called Troonshine that gathered data and credentials from users of the extremist forum and sent it to a website named after coded offensive language used by Kiwi Farms.

“Poz.hiv was redirecting to http://poz.com – a legit site – up until several weeks ago,” said Beaumont. “A cached copy of the script suggests somebody basically put an in-browser infostealer on Kiwi Farms.”

He added: “The branding of the scripts and domains is all Kiwi Farms forum language. HIV is used there to mean gay people, troon is trans. It would not surprise me if this was an insider threat within the community itself.”

“They look very, very owned,” was Beaumont’s laconic final assessment.

Earlier this month, Cloudflare withdrew cybersecurity services from Kiwi Farms, bowing to growing pressure that it stop supporting the forum, which has been accused of facilitating cyberstalking and bigotry.

Announcing the move, Cloudflare’s chief executive Matthew Prince said growing evidence of threatening behavior by Kiwi Farms users had caused it to reverse an earlier decision to keep protecting the site from cyberattacks.

Since its inception in 2013, Kiwi Farms has garnered a controversial reputation. Accused of targeting LGBTQ and female victims, it has been blamed by some for the suicides of three people who were singled out by users of the platform.

NB: This article was amended on September 21

More from Cybernews:

Procurement as an unguarded attack surface

Regulators are calling out greenwashing brands

How a Florida teenager hacked NASA

Data breach hits Starbucks

Biden warns about risks of foreign investment in quantum computing

Subscribe to our newsletter


Lane Janower
Lane Janower
prefix 4 months ago
The kiwi farms just archive content that the subjects of the site post publicly. How is is possible that this has driven people to suicide? I will never understand...
no one of importance
no one of importance
prefix 20 days ago
Pretty much. Mentally ill people say and do crazy and horrifying things and post them to the Interwebs. KF is the bad guy for noticing their bizarre and unhinged behavior and talking about it. Also, KF is back.
Leave a Reply

Your email address will not be published. Required fields are marked