4chan forum hacked, taken offline
Take action: When you are in the business of trolling and insulting a bunch of people, make sure to patch your infrastructure. Because everyone has a beef against you.
Learn More
A security breach has impacted the notorious online forum 4chan, causing the site to go offline on April 14, 2025. The attack has been claimed by members of the Soyjak.party imageboard (also known as "The Party"), who have published evidence of extensive access to the site's administrative systems.
The hackers claim to have been inside 4chan's systems for over a year before executing what they called "operation soyclipse." During the attack, they:
- Reopened the "/qa/" board
- Exposed personal information of various 4chan staff members
- Leaked source code from the site
- Published screenshots of admin panels and maintenance tools
4chan administrators took all servers offline in an attempt to control the damage. Prior to the complete shutdown, the site was either loading in text-only mode or displaying Cloudflare connection timeout errors, possibly due to ongoing recovery efforts.
The breach reportedly compromised sensitive information, including:
- A list of emails allegedly belonging to 4chan administrators, moderators, and janitors
- Access to user location and IP address data
- Personal information of 4chan Pass subscribers (paid users who bypass post counters and access a VIP board)
The attack vector has not been officially confirmed but some sources suggest the breach likely occurred due to 4chan using a severely outdated PHP version from 2016 that remained unpatched against numerous security vulnerabilities.
The hackers gained access to powerful administrative tools that provided capabilities to:
- Access any user's location and IP address
- Rebuild or restart any 4chan boards
- Access board logs
- View site statistics
- Manage databases using 4chan's phpMyAdmin panel
Following the initial breach, 4chan's PHP source code was also leaked on the anonymous forum Kiwi Farms (previously known as CWCki Forums).
One 4chan janitor spoke to TechCrunch on condition of anonymity and expressed confidence that the leaked data and screenshots are authentic, stating: "I have no reason to believe otherwise." The janitor acknowledged the serious nature of the breach, noting that while 4chan's moderation team had experienced leaks in the past, "this is obviously an issue of greater magnitude."
This cyberattack could have significant implications given 4chan's controversial history and ties to various political movements. The site, which has been online since 2003 when it was founded by Christopher Poole (known online as "moot"), has been associated with both innocuous internet memes and more concerning content, including the origination of QAnon and connections to individuals who later committed violent acts.
