PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

4chan Returns, Blames Hack on Failure to Install Software Patches

The messaging board says an attacker 'exploited an out-of-date software package on one of 4chan’s servers, via a bogus PDF upload,' resulting in critical data being exposed.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: 4chan.org)

Nearly two weeks after a major outage, 4chan is back online — but the site now admits it suffered a "catastrophic" hack that exposed critical data, including its source code.

In addition, the whole incident could have been avoided if 4chan’s development team had routinely installed security patches. The messaging board says an attacker “exploited an out-of-date software package on one of 4chan’s servers, via a bogus PDF upload.”

“With this entry point, they were eventually able to gain access to one of 4chan’s servers, including database access and access to our own administrative dashboard,” 4chan wrote in a blog post. “The hacker spent several hours exfiltrating database tables and much of 4chan’s source code.”

The breach happened on April 14, culminating in the hacker vandalizing 4chan’s site. “While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion,” 4chan’s blog post adds. 

4chan didn’t mention the exact vulnerability exploited or how many users were affected in the breach. But the hacker behind the incident leaked screenshots and computer code that suggested 4chan ran on a years-old versions of PHP, a scripting language for websites, and FreeBSD, an OS for servers. 

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

As for why it didn’t install the patches, 4chan blames the site’s dire financial situation. Advertisers and web hosts have long shunned the messaging board over its controversial content

“Ultimately, this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns,” 4chan said.

The blog post adds that 4chan had been trying to deploy new servers since 2023, but a lack of funding and a slow migration process prevented it from being done before April 14. 4chan has since installed the security patches. “The server that was breached has been replaced, with the operating system and code updated to the latest versions,” the blog post said. 

Still, some 4chan users are worried the site could suffer another hack since its funding problems persist. However, the blog post notes: “We are bringing on additional volunteer developers to help keep up with the workload.”

It's unclear who is behind the hack. 4chan merely sourced the hijacking to a UK-based IP address. But a rival message board, Soyjak.party, might have been involved since the hacker who vandalized 4chan at one point posted the words: “SOYJAK.PARTY WON.”