Kiwi Farms says someone hacked its website

Kiwi Farms, a forum that's long been accused of fostering targeted online and real-world harassment campaigns, says that someone hacked its proxy service and website. As noted by cybersecurity researcher Kevin Beaumont, it told users in a Telegram message that all avatars had been changed to the logo of another website (said to be another purported "free speech" forum) and that "each node on the forum index was deleted one at a time."

While Kiwi Farms apparently has backups and none of the forum data has been permanently deleted, users' personal information may have been compromised. Founder Joshua Moon told users to assume that their email and password information has been obtained, as well as the IP address of any device they've used to access Kiwi Farms in the last month.

Kiwi Farms’ proxy service and Kiwi Farms itself has been hacked.

My guess would be users might want to change their passwords and consider DMs etc may be compromised. pic.twitter.com/NU6EJPKFou

— Kevin Beaumont (@GossiTheDog) September 18, 2022

"I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once," Moon wrote in a statement on the Kiwi Farms website. "This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence either way."

The hacker is said to have used an injected script to gather data from users' systems. Moon said they accessed his admin account as a result of this method. Moon added that he would restore the site from a backup, but noted that the process (as well as reviewing Kiwi Farms' security procedures) would take some time. However, he noted on Telegram today that he had to leave for a week to deal with a family emergency. Some Kiwi Farms users are turning on Moon over the incident.

After the site was compromised and user data leaked due to bad coding by Joshua Moon, Kiwi Farms users are turning against him. pic.twitter.com/9jm3E75lC2

— Clara Sorrenti (@keffals) September 18, 2022

Earlier this month, Kiwi Farms was effectively forced off of the open web following an effort to take down the forum. Streamer and political commentator Clara “Keffals” Sorrenti, a prominent target of a harassment campaign that allegedly stemmed from the website, started the movement to bring down Kiwi Farms. While Moon was later able to bring the forum back online through other means.

Cloudflare, a DDoS protection company, kicked Kiwi Farms off its service due to a significant increase in targeted threats originating on the site. That seems to have played a role in this weekend's hack. "Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this," Moon wrote.