
funeralxempire
Veteran

Joined: 27 Oct 2014
Age: 39
Gender: Non-binary
Posts: 25,176
Location: Right over your left shoulder

19 Sep 2022, 3:07 pm

Kiwi Farms has been breached; assume passwords and emails have been leaked

Quote:
The head of Kiwi Farms, the Internet forum best known for organizing harassment campaigns against trans and non-binary people, said the site experienced a breach that allowed hackers to access his administrator account and possibly the accounts of all other users.

On the site, creator Joshua Moon wrote:

The forum was hacked. You should assume the following.

Assume your password for the Kiwi Farms has been stolen.
Assume your email has been leaked.
Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.

Moon said that the unknown individual or individuals behind the hack gained access to his admin account by using a technique known as session hijacking, in which an attacker obtains the authentication cookies a site sets after an account holder enters valid credentials and successfully completes any two-factor authentication requirements. The session hijacking was made possible after uploading malicious content to XenForo, a site Kiwi Farms uses to power its user forums.

“A bad actor was able to upload a webpage disguised as an audio file to XenForo,” Moon wrote. “Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.”


https://arstechnica.com/information-tec ... en-leaked/

I don't know why but I keep getting Alanis Morissette stuck in my head. :|


_________________
"If you stick a knife in my back 9 inches and pull it out 6 inches, there's no progress. If you pull it all the way out, that's not progress. The progress is healing the wound that the blow made... and they won't even admit the knife is there." Malcolm X
Fight against war, rather than wage war.
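
The upload described in the quoted article (a web page stored under an audio filename and later loaded in a frame) is countered server-side by typing each upload from its bytes and serving it so a browser cannot render it as HTML. This is an added example, not part of the thread, the article or XenForo's code; the function names, the set of accepted formats and the sample bytes are assumptions made for illustration.

```python
import re

# Leading signatures of the audio containers this example accepts (assumed set).
AUDIO_MAGIC = [
    (b"ID3", "audio/mpeg"),   # MP3 carrying an ID3v2 tag
    (b"OggS", "audio/ogg"),
    (b"fLaC", "audio/flac"),
]
HTML_MARKERS = re.compile(rb"<\s*(!doctype|html|head|body|script|iframe|svg)\b", re.I)


def sniff_audio(data: bytes):
    """Return a MIME type derived from the file's own bytes, or None."""
    for magic, mime in AUDIO_MAGIC:
        if data.startswith(magic):
            return mime
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "audio/wav"
    return None


def vet_upload(filename: str, data: bytes):
    """Decide whether to store an 'audio' upload and how to serve it.

    Returns (accepted, reason, headers). The file extension and any
    client-supplied Content-Type are ignored; only the bytes decide.
    """
    mime = sniff_audio(data)
    if mime is None:
        kind = "HTML markup" if HTML_MARKERS.search(data[:1024]) else "unknown content"
        return False, f"{filename}: {kind}, not audio", {}
    headers = {
        "Content-Type": mime,                  # taken from the bytes, not the name
        "X-Content-Type-Options": "nosniff",   # browser must not re-guess the type
        "Content-Disposition": "attachment",   # direct navigation downloads, never renders
        "Content-Security-Policy": "sandbox",  # if framed anyway: no scripts, opaque origin
    }
    return True, "ok", headers


# Constructed samples: a web page named like an audio file, and a bare Ogg page header.
FAKE_AUDIO = b"<!DOCTYPE html><html><body><script>/* page */</script></body></html>"
REAL_OGG = b"OggS\x00\x02" + b"\x00" * 22

if __name__ == "__main__":
    print(vet_upload("song.mp3", FAKE_AUDIO))
    print(vet_upload("song.ogg", REAL_OGG))
```

The response headers matter even for files that pass the signature check, since a file can begin with valid audio bytes and still contain markup further in.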


CockneyRebel
Veteran

Joined: 17 Jul 2004
Age: 49
Gender: Male
Posts: 113,285
Location: Stalag 13

19 Sep 2022, 11:36 pm

That site attracts a lot of interesting worms, I mean people.


_________________
Who wants to adopt a Sweet Pea?


TwisterUprocker
Pileated woodpecker

Joined: 24 Nov 2019
Gender: Male
Posts: 179

20 Sep 2022, 1:17 am

So apparently most website owners do not have access to the users' passwords but Null did.

So yeah he made it easy for them to be stolen.



MuddRM
Velociraptor

Joined: 2 Sep 2021
Gender: Male
Posts: 437
Location: Beautiful(?) West Manchester Township, PA

20 Sep 2022, 9:29 pm

Besides, Cloudflare, who was providing DNS services for KiwiFarms, gave them the boot, and is no longer providing services to KiwiFarms.