4chan Hack Exposed Internal Systems and Staff Data
4chan was knocked largely offline after an alleged breach exposed internal systems, moderation tools, source code, and staff information, with users from rival forum Soyjak Party claiming responsibility. Reports said the attackers published screenshots of administrative panels, ban templates, and internal discussions, while the site returned Cloudflare timeout errors and was at times only intermittently reachable in text-only mode. The outage began late on April 14, and moderators were reportedly forced to take servers offline to regain control.
Multiple reports said the intrusion may have persisted for more than a year before the attackers reopened and defaced the previously banned /qa/ board and released data tied to administrators, moderators, and janitors. Some reporting said affected moderators confirmed at least parts of the leaked material were authentic, and that data belonging to paid 4chan Pass subscribers may also have been accessed. Researchers and journalists also pointed to the possibility that 4chan was running an outdated 2016 version of PHP, which may have contributed to the compromise, while broader claims that the leak proved government involvement were not substantiated.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Reports suggest outdated PHP version may have contributed
Coverage of the breach said 4chan may have been exposed in part because it was running an outdated 2016 version of PHP. This technical detail emerged as journalists and researchers examined the incident.
Moderators reportedly confirm authenticity of some leaked data
By April 15, 2025, reporting cited some affected moderators who said leaked data from the breach appeared authentic. Reports also said the attackers accessed personal data tied to paid 4chan Pass subscribers.
Moderators take servers offline to regain control
Following the breach, 4chan moderators were reported to have taken servers offline as part of efforts to contain the incident and recover control of the platform. The site later appeared only intermittently, including in limited text-only mode.
Attackers allegedly deface /qa/ and leak internal 4chan data
During the incident, the attackers allegedly reopened and defaced the previously banned /qa/ board and published screenshots and leaked materials from 4chan's internal systems. The exposed data reportedly included moderator tools, administrative panels, source code, and contact details for staff and janitors.
Attack on 4chan begins and site goes offline
On April 14, 2025, 4chan reportedly suffered a hack that led to a major outage beginning Monday evening or late Monday night. The site became largely inaccessible, with users seeing downtime and Cloudflare timeout errors.
4chan hack reportedly carried out after long-term access
Reporting on the April 2025 incident says the attacker may have maintained access to 4chan's systems for more than a year before launching the operation. Rival forum users later claimed responsibility for the breach.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
4chan вышел из строя из-за масштабной атаки - Хакер
xakep.ru
Open source4chan has been down since Monday night after “pretty comprehensive own” - Ars Technica
arstechnica.com
Open sourceInternet Cesspool 4chan Is Down After Alleged Hack, Rival Forum Users Claim Credit
gizmodo.com
Open sourceNotorious image board 4chan hacked and internal data leaked | TechCrunch
techcrunch.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
4chan Suffers Major Cyberattacks From DDoS Disruption to Database Breach
4chan has repeatedly been hit by major cyberattacks, including a large-scale **distributed denial-of-service** campaign that knocked the site offline or made it intermittently unreachable for nearly a day amid fallout from Anonymous-linked pro-WikiLeaks operations. Reporting at the time said the outage resembled attacks that had recently struck **Mastercard, Visa, and PayPal**, and Netcraft confirmed the disruption was severe before partial recovery began. Separate reporting on broader internet outages and high-profile DDoS incidents, including the record attack on **KrebsOnSecurity** and claims by WikiLeaks that its supporters were involved in a massive attack, underscored the wider hacktivist and botnet-driven environment surrounding such disruptions. In a later and more damaging incident, 4chan said it was forced into a nearly two-week shutdown after a **catastrophic database attack** that compromised source code, multiple databases, and a critical server, while also exposing personal information tied to moderators and many users. The site said attackers vandalized systems and that recovery was slowed by aging code, weak infrastructure, limited funding, and a shortage of skilled staff. When service returned, core functions remained restricted, with posting and image uploads still unavailable, the `/f/` board permanently removed because of `.swf`-related exploit risk, and PDF uploads temporarily disabled as administrators rebuilt the platform.
May 30, 2026
BreachForums Breaches Expose User Data After MyBB Zero-Day Compromise
BreachForums suffered repeated compromises that exposed member data across multiple iterations of the cybercrime forum. An earlier breach leaked details on about **4,000 members**, while a later incident tied to the forum's reboot reportedly spilled data on roughly **325,000 users**, underscoring the scale of exposure affecting one of the most prominent underground marketplaces. Reporting on the more recent compromise said the forum was hit through a **MyBB `0-day`** affecting unpatched software, with forum administrators claiming the intrusion was also linked to a broader law-enforcement crackdown. The incident disrupted the platform, prompted leadership changes including the emergence of a new admin, and highlighted how even criminal forums remain vulnerable to the same software flaws, operational failures, and data-security lapses that they routinely exploit in others.
May 25, 2026
BreachForums Reboot Emerges Under Suspect Admin as 918 Stolen Databases Leak
A new **BreachForums** reboot appeared online with an administrator using the handle **"X"**, who claimed the forum had been rebuilt after its infrastructure, database, and source code were hacked from a hosting server and the prior operator **"N/A"** abandoned the project. The alleged revival was quickly disputed: **ShinyHunters** publicly denied any role in the new site and said it had not operated BreachForums since the FBI seizure in October 2025. Researchers also pointed to inconsistencies in X's account, raising doubts about whether the latest site is a legitimate successor, a copycat operation, or a setup using leaked forum data. The confusion comes amid a broader compromise tied to the BreachForums ecosystem, including the leak on Telegram of **918 databases** previously sold through the forum. Reporting said the exposed trove contains personal and sensitive data from numerous historical breaches, creating renewed opportunities for **phishing, ransomware, and espionage**. Multiple BreachForums-branded sites are now online, complicating attribution and increasing the possibility that some may be impersonation efforts, criminal competition, or potential law enforcement honeypots following repeated takedowns of major cybercrime forums.
Apr 5, 2026