4chan Suffers Major Cyberattacks From DDoS Disruption to Database Breach
4chan has repeatedly been hit by major cyberattacks, including a large-scale distributed denial-of-service campaign that knocked the site offline or made it intermittently unreachable for nearly a day amid fallout from Anonymous-linked pro-WikiLeaks operations. Reporting at the time said the outage resembled attacks that had recently struck Mastercard, Visa, and PayPal, and Netcraft confirmed the disruption was severe before partial recovery began. Separate reporting on broader internet outages and high-profile DDoS incidents, including the record attack on KrebsOnSecurity and claims by WikiLeaks that its supporters were involved in a massive attack, underscored the wider hacktivist and botnet-driven environment surrounding such disruptions.
In a later and more damaging incident, 4chan said it was forced into a nearly two-week shutdown after a catastrophic database attack that compromised source code, multiple databases, and a critical server, while also exposing personal information tied to moderators and many users. The site said attackers vandalized systems and that recovery was slowed by aging code, weak infrastructure, limited funding, and a shortage of skilled staff. When service returned, core functions remained restricted, with posting and image uploads still unavailable, the /f/ board permanently removed because of .swf-related exploit risk, and PDF uploads temporarily disabled as administrators rebuilt the platform.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
4chan returns online after nearly two-week shutdown
4chan restored its front page and boards after nearly two weeks offline, though posting and image-upload functions remained unavailable. The site said it would permanently keep /f/ offline and temporarily disable PDF uploads while rebuilding.
Attackers breach 4chan and moderators shut down servers
Following what 4chan later described as a catastrophic database attack, attackers accessed source code, breached multiple databases, compromised a critical server, vandalized the site, and exposed personal information of moderators and many users. Moderators shut down servers on April 14, 2025 to contain further damage.
WikiLeaks says supporters are behind Dyn DDoS
WikiLeaks publicly pointed to its own supporters as being responsible for the massive DDoS attack linked to the October 2016 internet disruption. This added a notable attribution claim during the unfolding outage.
Dyn outage disrupts major internet services
A major outage affecting DNS provider Dyn caused widespread disruption to prominent online services, making much of the internet appear broken for users. The event was widely reported on October 21, 2016.
KrebsOnSecurity suffers record DDoS attack
KrebsOnSecurity was hit by a record-setting DDoS attack, a major precursor event in the 2016 wave of high-profile disruption tied to insecure internet-connected devices. The incident was publicly reported in September 2016.
Jester denies involvement in 4chan outage
After speculation that hacktivist The Jester may have been behind the 4chan attack, he publicly denied responsibility. No actor claimed the operation, though reporting suggested it may have been retaliation for Anonymous-linked pro-WikiLeaks activity.
4chan hit by major DDoS attack
4chan was taken offline or became intermittently unreachable for nearly 24 hours due to a large-scale distributed denial-of-service attack. Netcraft observed severe disruption early on Wednesday, with partial recovery later that day.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
4chan is back after a nearly two-week shutdown, but it still has some serious problems
engadget.com
Open sourceWhen the Entire Internet Seems to Break At Once - The Atlantic
theatlantic.com
Open sourceWikiLeaks claims its supporters are behind the massive DDoS cyber attack
smh.com.au
Open sourceKrebsOnSecurity Hit With Record DDoS - Krebs on Security
web.archive.org
Open sourceBBC News - Web attack takes Anonymous activists offline
web.archive.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
4chan Hack Exposed Internal Systems and Staff Data
4chan was knocked largely offline after an alleged breach exposed internal systems, moderation tools, source code, and staff information, with users from rival forum **Soyjak Party** claiming responsibility. Reports said the attackers published screenshots of administrative panels, ban templates, and internal discussions, while the site returned Cloudflare timeout errors and was at times only intermittently reachable in text-only mode. The outage began late on April 14, and moderators were reportedly forced to take servers offline to regain control. Multiple reports said the intrusion may have persisted for more than a year before the attackers reopened and defaced the previously banned `/qa/` board and released data tied to administrators, moderators, and janitors. Some reporting said affected moderators confirmed at least parts of the leaked material were authentic, and that data belonging to paid **4chan Pass** subscribers may also have been accessed. Researchers and journalists also pointed to the possibility that 4chan was running an outdated 2016 version of PHP, which may have contributed to the compromise, while broader claims that the leak proved government involvement were not substantiated.
May 28, 2026
High-Profile Cyber Incidents Expose Weak Security and Disrupt Critical Services
A series of high-profile cyber incidents disrupted major online platforms, exposed weak security practices, and highlighted the broad impact of both criminal and activist hacking. A global ransomware outbreak later identified as **WannaCry** spread rapidly across organizations before a security researcher slowed it by registering a domain used as a kill switch, while a separate attack briefly knocked major websites offline through distributed denial-of-service activity. In another major case, hackers compromised prominent US Twitter accounts and used them to promote a Bitcoin scam, demonstrating how access to trusted platforms can be weaponized at scale. Other incidents underscored persistent failures in account security and access control. Equifax faced scrutiny after an Argentine employee portal was reportedly protected with the username and password **`admin`**, adding to concerns around the company’s security posture. Apple said some user accounts had been compromised while denying a broader breach of its systems, and the celebrity photo leak known as **“the fappening”** showed how attackers could exploit personal account weaknesses. Separately, US authorities linked Julian Assange to alleged conspiracy with Anonymous-affiliated hackers, activist campaigns targeted recording industry websites, and the Colonial Pipeline ransomware case showed how an intrusion into a critical fuel operator could trigger widespread operational disruption even when attackers later claimed they had not intended such consequences.
May 25, 2026
Internet Archive Breach Exposed 31 Million Accounts Amid Site Defacement and DDoS
Internet Archive confirmed a breach that exposed data tied to **31 million user accounts** after attackers displayed a malicious JavaScript pop-up on the site announcing the intrusion. According to reporting validated by security researcher Troy Hunt and others, the stolen data dated to September 2024 and included **email addresses, screen names/usernames, bcrypt password hashes, and other system data** from the organization's digital library platform. The disclosure unfolded as Internet Archive was also contending with **intermittent distributed denial-of-service attacks** that disrupted availability and a site defacement linked to a compromised JavaScript library. Founder Brewster Kahle said security upgrades were underway; hacktivist group **BlackMeta** claimed responsibility for the DDoS activity, while the actor behind the underlying data theft was not identified. The breach was later cataloged by Have I Been Pwned as affecting 31 million records.
May 25, 2026