The attacker gained access to the administrative functions and successfully hacked into one of 4chan’s database by exploiting a website's software vulnerability last week. The motive behind the hack was to expose the posting habits of a specific user the attacker didn't like, moot wrote.
It is believed that the software vulnerability allowed the attacker to hack into only the image-board moderation panels, and some tables in the 4chan back-end database. According to the blog post, the way hacker extracted the information from its database, 4chan knows the “detailed logs of what was accessed”, which indicate that the “primarily moderator account names” and their “credentials” were targeted and compromised by the hacker.
"Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted," reads the blog post.
The hacker was able to access the Pass credentials of three 4chan Pass (paid account without CAPTCHAs system) users, who have been notified by the company shortly after the discovery of the attack and offered refunds along with the lifetime Passes.
The founder of the 4chan assured its users that their financial information has not been compromised in the attack as 4chan doesn’t process any payment information and all the payment information is “processed securely” by the Stripe.
After 4chan aware of this software vulnerability exploited by the hacker, it was patched quickly and 4chan assured its users that they continue to review its software and systems to prevent future attacks and breaches.
A week ago, Moderators of Social-sharing website Reddit were under attack after being accused of censoring posted links containing words like “National Security Agency,” “Edward Snowden” and even “Bitcoin" on the website's subreddit r/technology.
The Reddit moderators have lost their focus of what they were there to do. Their job is to moderate effectively, but this secret censorship is a “disaster” as it lost the transparency between the user and the service.
4chan apologized for the inconvenience caused to its users, but this is not first time hacker targeted 4chan. Back in June 2012, the hacker UGNazi changed the DNS for 4chan and redirected its visitors to UGNazis Twitter account.
