[Updated on 20 September 2022] KiwiFarms discloses security breach, says user data may have been stolen
Internet racism cesspit KiwiFarms said on Sunday that one of its service providers was hacked and that data on its users might have been stolen.
In a series of messages posted on its Telegram channel, the site’s administrator said the breach occurred on Saturday at Vsys, a Ukrainian company that provides them with forward-proxy services.
“Today, the site was hacked to change everyone’s avatars to logos of another site (which I am not naming because I’m not sure what the motivation is behind it),” Josh, the site’s administrator, wrote on Telegram and KiwiFarm’s official website. “Then, each node on the forum index was deleted one at a time.”
“The attacker had access to my admin account, probably through session hijacking (bypassing password and 2fa),” the admin also added.
KiwiFarms said that while information from the site’s log suggests that a user database export operation performed by the intruder might have failed, registered users should still assume that their data might have been compromised through another means.
The incident sparked quite a wave of panic among the site’s users, most of whom now fear that their real identities could be revealed through the stolen data, which is a very plausible scenario for those who did not practice good OpSec when registering on the site.
It’s the first Kiwi Farms telegram post comments section I’ve seen without racism. pic.twitter.com/D6eTtyIHWI
— Kevin Beaumont (@GossiTheDog) September 18, 2022
While it’s been around for half a decade, KiwiFarms rose to infamy this summer after its members started harassing and threatening a trans streamer named Keffals. The streamer responded by arranging a social media campaign to bring down the website, which eventually succeeded with help from mainstream media and the infosec community.
Cloudflare booted KiwiFarms (after some serious convincing work), the service was then dropped by Russian provider DDoS-Guard a day later, and Portuguese web host DiamWall last week, before encountering its most recent issues with Vsys.
[Updated on 12 September 2022] Government Takedowns?
Cloudflare has clarified why they considered Kiwi Farms so dangerous, and they’re calling for governments to determine takedown criteria themselves instead of relying on tech companies to do it for them. I think that makes sense, but in cases like Kiwi Farms it was obvious this was way over the line. It’d be nice to have both, but when government is too slow why not just do the right thing yourself?
[Updated on 06 September] Cloudflare Drops Kiwifarms
Cloudflare finally dropped Kiwifarms, which has functionally become a real-world harassment platform largely aimed at the LGPBTQ+ community. They stated the reason was, “specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.”