Ars Technica, a foreign tech media, reported on the cyber attack damage of Kiwi Farms, an internet forum that used to stalk and threaten sexual minorities.
Kiwi Farms creator Joshua Moon revealed that hackers have gained access to his account. Currently, the identity of the hacker force has not been revealed, and it is known that Kiwi Farms hijacked a session after uploading malicious content to XenForo, a site used to operate a user forum.
The file name of the malicious file ends in ‘.opus’, which is the same as the extension file of a specific audio format. The files were posted directly to XenForo after injection of a custom Rust-based chat program.
Moon said, “Hacker forces posted malicious files disguised as audio files on XenForo. In addition, the hacker forces executed malicious files on webpages, convincing arbitrary users to execute automated requests and send authentication cookies to places other than the Kiwi Farms site to steal account information. Prior to the theft of user information, the administrator account was also hijacked in the same way.”
It also warns users, “You have to guess that the user account password, email information, and IP address have all been leaked.”
The hacker forces used the administrator account to issue commands to XenForo and obtained their email address, username, last activity, and user personal information.
The Kiwi Farms hacking occurred at the time when the network provider Cloudflare’s decision to suspend the service supply was officially announced after Kiwi Farms users became controversial for crimes such as collective harassment, physical threats, and stalking targeting LGBTI individuals.
In response, personal security researcher Kevin Beaumont said, “Joshua Moon was aware of what was happening in the Kiwi Farms community via Telegram chat, but did not address the issue. It means that you have overlooked the crimes of other users.”