Kiwi Farms says it has been hacked and user details leaked


Controversial online forum Kiwi Farms has reportedly been hacked, with the user details of some accounts being leaked as a result.

The site, which describes itself as a "community dedicated to discussing eccentric people who voluntarily make fools of themselves", has had an extremely muddied history since it was founded in 2013, being linked to at least three suicides and to the 2019 Christchurch Mosque shooting in New Zealand. 

Kiwi Farms has struggled to find support within the tech industry, with cloud hosting infrastructure companies Cloudflare and DDoS-Guard recently choosing to stop providing their services to the site, causing it to become overrun by DDoS attacks.

What actually happened?

Joshua Moon, the de facto leader of the website, said in a statement that "a bad actor was able to upload a webpage disguised as an audio file" to XenForo, using the .OPUS lossy audio coding format.

XenForo is a commercial Internet forum software package used to build forums such as Kiwi Farms.

According to Moon, the attacker was then "able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account".

Moon added: "Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precise: email, username, last activity, register date, user state (banned/unverified), post count, and if they are staff."

However, the hackers' requests "did not appear to go through because they requested too many records at once", according to the administrator.

Moon admitted that his own admin account "was compromised through this mechanism".

Kiwi Farms' statement on the matter said all users should assume their passwords have been stolen.

In addition, users should assume that their email addresses have been leaked and they should also assume any IP they have used on their Kiwi Farms account in the last month has been leaked.
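
The upload Moon describes depends on a file being stored and served under an audio extension while its bytes are a web page. As an added example (not XenForo or Kiwi Farms code; every function name here is hypothetical), this Python code checks that a `.opus` upload really begins with an Ogg page carrying an Opus header, and builds response headers that keep a stored upload from being rendered as a document.

```python
import struct

OGG_HEADER_LEN = 27  # fixed part of an Ogg page header (RFC 3533)
MARKUP = (b"<!doctype", b"<html", b"<script", b"<iframe", b"<svg")

def is_ogg_opus(data: bytes) -> bool:
    """True only if data starts with an Ogg first page carrying an OpusHead packet."""
    if len(data) < OGG_HEADER_LEN or data[:4] != b"OggS":
        return False
    if data[4] != 0 or not data[5] & 0x02:  # stream version 0, beginning-of-stream flag
        return False
    body_start = OGG_HEADER_LEN + data[26]  # data[26] = number of segment-table entries
    body_len = sum(data[OGG_HEADER_LEN:body_start])
    body = data[body_start:body_start + body_len]
    if len(body) != body_len or body_len < 19 or body[:8] != b"OpusHead":
        return False
    return body[8] & 0xF0 == 0 and body[9] >= 1  # OpusHead major version 0, >= 1 channel

def contains_markup(data: bytes, window: int = 4096) -> bool:
    """Heuristic second check: HTML-like tokens near the start of the file."""
    head = data[:window].lower()
    return any(token in head for token in MARKUP)

def accept_upload(filename: str, data: bytes) -> bool:
    """Accept a .opus upload only when its bytes match the claimed format."""
    return (filename.lower().endswith(".opus")
            and is_ogg_opus(data) and not contains_markup(data))

def download_headers(filename: str) -> dict:
    """Headers that keep a stored upload from being rendered as a document."""
    safe = "".join(c for c in filename
                   if c.isascii() and (c.isalnum() or c in "._-")) or "upload"
    return {
        "Content-Type": "audio/ogg",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }

# Constructed samples: a minimal Ogg Opus first page (CRC left at 0, not verified
# here) and a harmless HTML document of the kind that could be renamed to .opus.
_head = b"OpusHead" + struct.pack("<BBHIhB", 1, 2, 312, 48000, 0, 0)
SAMPLE_OPUS = (b"OggS" + struct.pack("<BBqIII", 0, 0x02, 0, 1, 0, 0)
               + bytes([1, len(_head)]) + _head)
SAMPLE_HTML = b"<!DOCTYPE html><html><body>constructed sample</body></html>"

if __name__ == "__main__":
    print(accept_upload("clip.opus", SAMPLE_OPUS), accept_upload("clip.opus", SAMPLE_HTML))
    print(download_headers("clip.opus"))
```

A file can begin with a valid Ogg page and still carry markup further in, so the response headers, not the content check alone, are what stop a browser from treating the upload as a page.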


Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.
