Assume Password, Email and IPs Leaked as an Attempt to Export User Database Was Made
Stalker’s paradise Kiwi Farms is warning users to assume their email, password and IP addresses have been leaked following a weekend hack.
A statement on the site says hackers gained access to site administrator Joshua Moon’s account and executed a command to download user data. The command appears to have failed but hackers may have scraped information through another method.
“I cannot say with any confidence either way,” Moon says. Log records suggest the attacker attempted to exfiltrate the user database but the attempt failed “because they requested too many records at once,” Moon says.
Kiwi Farms, whose harassment campaigns against trans and non-binary people have played a role in multiple suicides, earlier this month lost security protections offered by content delivery network provider Cloudflare, which described the site as an “immediate threat to human life.”
Besides shielding the site from denial-of-service attacks, Cloudflare thwarted hacking attempts such as the one Moon describes: a scripting attack uploaded to the site that allowed the attacker to obtain authentication cookies. He says a webpage uploaded to the site had a name ending in .opus, an audio file format developed for online streaming.
Security researcher Kevin Beaumont says on Twitter it appears the script posted Kiwi Farms user information and credentials for a month on a website that now resolves to a GitHub page.
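As a defensive illustration of the upload described above, the following added example (not code from Kiwi Farms or its forum software) checks that a file named .opus really begins with an Ogg Opus stream and returns response headers that stop a browser from rendering it as a page. The article does not say how the upload was validated or served; the function names and sample bytes are assumptions constructed for the example.

```python
OGG_MAGIC = b"OggS"       # capture pattern that opens every Ogg page (RFC 3533)
OPUS_MAGIC = b"OpusHead"  # start of the Opus identification header (RFC 7845)
OGG_HEADER_LEN = 27       # fixed part of an Ogg page header, before the segment table


def is_ogg_opus(data: bytes) -> bool:
    """True only if data opens with a first Ogg page carrying an Opus ID header."""
    if len(data) < OGG_HEADER_LEN or data[:4] != OGG_MAGIC:
        return False
    version, header_type = data[4], data[5]
    # Stream structure version must be 0; 0x02 marks the beginning of a stream.
    if version != 0 or not header_type & 0x02:
        return False
    payload_start = OGG_HEADER_LEN + data[26]  # data[26] = number of segment entries
    return data[payload_start:payload_start + len(OPUS_MAGIC)] == OPUS_MAGIC


def headers_for_upload(filename: str, data: bytes) -> dict:
    """Reject mislabeled uploads; serve accepted ones so they cannot run as HTML."""
    if not filename.lower().endswith(".opus") or not is_ogg_opus(data):
        raise ValueError("rejected: content is not an Ogg Opus stream")
    # The magic-byte check alone does not stop a polyglot file (valid audio start,
    # markup later), so the headers below still forbid sniffing and scripting.
    return {
        "Content-Type": "audio/ogg",
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample inputs: a minimal first Ogg page (checksum left zero, not
# verified here) and an HTML document that was merely given a .opus name.
SAMPLE_OPUS = (OGG_MAGIC + b"\x00\x02" + bytes(8) + bytes(4) + bytes(4) + bytes(4)
               + b"\x01\x13" + OPUS_MAGIC + bytes(11))
SAMPLE_HTML = b"<html><body><script>/* constructed placeholder */</script></body></html>"

if __name__ == "__main__":
    print(headers_for_upload("clip.opus", SAMPLE_OPUS))
    try:
        headers_for_upload("page.opus", SAMPLE_HTML)
    except ValueError as err:
        print(err)
```

Serving user uploads from a separate origin that holds no session cookies limits the damage further if a file slips through.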
The incident has drawn panicky reactions from users on Telegram who fear the revelation of their real identities.
Kiwi Farms recently reemerged into the spotlight following a campaign by Clara Sorrenti, a Twitch streamer and transgender activist who launched Dropkiwifarms.net after becoming a target of the site.
“Kiwi bros, Joshua Moon didn’t do his due diligence in protecting your information. I know you hate me, but if the data leak gets posted some of you are going to lose your jobs or go to jail. Josh hurt you more than I ever could. He’s your real enemy,” she tweeted after the hack became public.
Domain registrar DreamHost earlier this summer reportedly yanked support for the site. After losing Cloudflare’s protection, Moon gained denial-of-service protection from Russian firm DDoS-Guard, which quickly decided to stop providing services, Russian media reported earlier this month.
A third content delivery network provider, Lisbon-based DiamWall, terminated services for the site on Thursday. “We really do not want to have anything to do with it,” wrote CEO Hugo Carvalho.
Kiwi Farms is currently offline with only a breach notification displayed on its homepage. Moon says it will take him some time to reinstate it completely to a point before Sept. 17, when backups were last taken. Moon says on Telegram he is taking a break for a week.