Chat Forum Kiwi Farms Announces Data Breach
Table of Contents
- By Steven
- Published: Oct 10, 2022
- Last Updated: Oct 11, 2022
Kiwi Farms is a chat forum for harassment campaigns such as swatting, doxing, and archiving mass shooters' manifestos and live-streamed content. The platform is well known for harassing the family of Lizzy Waite for weeks after her death. Lizzy was a trans woman in North Dakota who committed suicide in her home in 2016 and posted her suicide note on Facebook. Its members are also responsible for the stalking and harassing of YouTuber Keffals.
How Did the Attack Occur?
The attack resulted from the site administrator, Joshua Moon, having his account compromised. A hosting site for the forum, XenForo, was breached through links made to look like audio files. The hacker then used the link to hijack the admin's account, giving the hacker access to all of the forum's files. The hacker then sent links to the forum users, convincing them that the connection was to another "free speech" forum. Once the individuals used the links, the hackers deleted their information from the site.
What Information Was Viewed or Stolen?
The viewed information is unknown at this time. However, we know that, under the username Null, Moon posted, “The forum was hacked. You should assume the following. Assume your password for the Kiwi Farms has been stolen. Assume your email has been leaked. Assume any IP you’ve used on your Kiwi Farms account in the last month has been leaked.” The forum recently had its security managing company, Cloudflare, block the forum. The lack of security measures is most likely what caused this recent hack. Many users blame Cloudflare for the breach, even though Cloudflare cited an “imminent and emergency threat to human life” as the reason for the blockage.
How Did Kiwi Farms Admit to the Breach?
From what we can tell, Moon alerted users immediately after he was notified about the breach. His post on the subject seemed detached and hastened, suggesting he was rushing back to the investigation. This was likely a deliberate attack following the Drop Kiwi Farms campaign that Kaffles, an activist, created following several assaults on her and her fiance. The group had sent police to her home following a violent and unprecedented phone call, forced her out of her own home, tracked her down at the hotel where she was staying, hacked her UberEats account, and had hundreds of dollars of food sent to her under her dead name.
What Will Become of the Stolen Information?
At this point, it seems as if nothing will come of the breach. The website had all its information backed up onto a separate server, so no information was permanently lost.
What Should Affected Parties Do in the Aftermath of the Breach?
In the aftermath of the breach, the best thing we can suggest is to download software designed to alert you when your information is somewhere you don’t want it. These software will let you know where the stolen data is, letting you contact the necessary authorities to deal with the issue. There is also software to let you know if you have any ransomware on your device that will allow you to delete the affected files. If you or someone you care for have been the victim of stalking or online threats, there are resources you can reach out to for help. The Victim Connect Resource Center is a great place to find out how and where you can get assistance if you feel unsafe.
