Establishing Digital Trust: Don't Sacrifice Security for Convenience
Christopher Poole, a.k.a. "moot," the founder of the image-based bulleting board 4chan, recently announced that a hacker had accessed "administrative functions and information from one of our databases" (h/t Softpedia).
The hacker apparently said the motive for the attack was to expose the posting habits of a single user.
"After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database," Poole wrote. "Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted."
According to Poole, the credentials of three 4chan Pass users were accessed, and those users have been offered refunds and lifetime Passes. "As a reminder, all payment information is processed securely by Stripe -- we never see nor store any of it, and thus no payment information was compromised," Poole wrote.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The software vulnerability leveraged by the hacker has been patched, and Poole says dozens of hours have already been spent going over 4chan's software and systems to prevent future breaches.
"We’re sorry it happened, and will do our best to ensure it doesn’t happen again," Poole wrote.