The anonymous image board 4chan has survived years of controversy. It weathered user and advertiser boycotts as well as damning accusations that it incubated hate speech that may have fueled mass shootings. Users have convened on 4chan to plan hacks like DDoS attacks, and conspiracy theories that festered on 4chan even reportedly inspired the January 6 insurrection at the United States Capitol. On Monday night and Tuesday, though, the platform faced its latest test after a series of outages led to speculation that the site had been hacked.
The core feature 4chan provides is public anonymity to post text and images, but the platform itself does collect information about users, such as their IP addresses. As a result, a breach of the website could represent a significant exposure of data that was intended to be private.
“4chan is an anonymous message board that enables often offensive and hateful content. The content leaked, if genuine, would remove some of the anonymity from 4chan administrators, moderators, and janitors,” says Ian Gray, director of analysis and research at the security firm Flashpoint. The image board’s billing as an “anonymous” platform may have given users a “false sense of security,” Gray says. “Some users may have registered their email addresses years ago when they were less aware or concerned about their operational security.”
Reports about the apparent hack began circulating after a previously banned board on 4chan briefly appeared online and the site was defaced with a message saying, “U GOT HACKED XD.” Subsequently, an online account on a rival forum known as Soyjak.party posted screenshots allegedly showing 4chan’s backend systems, plus a list of alleged 4chan administrator and moderator usernames, with associated email addresses. Following this post of 4chan administrator email addresses, Soyjak.party users started posting alleged doxes, including photos and personal information, of the accounts included in the leak.
WIRED has not been able to confirm whether the data is legitimate. A press email address associated with 4chan as well as two alleged administrator emails from the leaked data did not immediately respond to WIRED’s requests for comment on the hack and its validity. One of the site’s moderators said they believed the hack and leaks were real, according to a report by TechCrunch.
Rumors also started circulating on Tuesday that the breach is the result of 4chan running legacy, unpatched software that exposed the platform to attack. After a breach a decade ago, 4chan founder Christopher Poole, known online as “moot,” wrote in a blog post, “[We] have spent—and will continue to spend—dozens of hours poring over our software and systems to help mitigate and prevent future intrusions. We’re sorry it happened, and will do our best to ensure it doesn’t happen again.”
Emiliano De Cristofaro, a computer science and engineering professor at UC Riverside, who has researched the impact of 4chan on the web, says the ramifications could be large if the hack is confirmed.
“It seems true that 4chan hasn't been properly maintained and patched for years, which might indicate that a hack would have definitely been a possibility,” De Cristofaro says. “There might be some ‘high profile’ users exposed as moderators—traditionally, 4chan users hate them, so they might be targeted. It might be hard or at least painfully slow and costly for 4chan to recover from this, so we might really see the end of 4chan as we know it.”
Initial reports posted on Soyjak.party referencing a 4chan hack appeared to say that Soyjak.party members may have been involved in the attack. One post claimed that a hacker had been in 4chan’s systems “for over a year” and exposed personal information allegedly linked to 4chan users and administrators. And multiple screenshots posted on Soyjak.party appear to show someone accessing 4chan’s internal systems. These include images of someone with administrator access to a 4chan backend database, stats about users on various sections of 4chan, a page showing deleted posts and the IP addresses they were made from, as well as other internal documentation. Some reports also claim that hackers stole 4chan’s source code.
In recent years, 4chan has increasingly been on the radar of US government officials. The website has reportedly been kept online due in part to investment by a Japanese company. In June 2023, WIRED reported on internal 4chan documents that showed how the site’s policies shaped the highly toxic nature of the platform—including how moderators explicitly allow racism. In most cases, the documents showed, calls for violence on 4chan are not met with user bans.
“If the data is legitimate, information on members and posting could be useful for law enforcement investigations,” Flashpoint’s Gray says. “4chan has been around since at least 2003, which is extremely notable for any online service. Aside from the offensive and often extremist content, a lot of internet culture has originated from 4chan. If this is a death knell for 4chan, other services will likely fill its place. However, the effect of 4chan on the internet cannot be overstated.”
