On April 15, 2025, the notorious imageboard 4chan experienced a significant security breach, resulting in the exposure of sensitive administrator data and the leak of 270GB of internal source code from The New York Times NYT. The breach has raised serious concerns about cybersecurity practices and the potential implications for both 4chan and the NYT.
The 4chan breach was first noticed when the sites dormant qa board reappeared with a message stating U GOT HACKED. Screenshots posted on rival forum Soyjak.party claimed access to 4chans backend systems, including alleged doxes of administrators. Cybersecurity expert Alon Gal from Hudson Rock deemed the hack credible, referencing these screenshots citeturn0news13.
Reports suggest that the breach may have been due to outdated, unpatched software, potentially compromising the anonymity of administrators, moderators, and users by revealing IP addresses, emails, and other personal information citeturn0news12. The attack, rumored to have been ongoing for over a year, could have serious implications, including legal consequences and potential loss of platform credibility.
In a related incident, an anonymous threat actor on 4chan leaked 270GB of data belonging to the NYT after targeting its GitHub account. The leaked data reportedly contains around 3.6 million files, including source code for the NYTs website, mobile applications, internal tools, and content management systems. It also includes a database with user information, the source code of the game Wordle, and various authentication methods, such as URLs, passwords, secret keys, and API tokens citeturn0search2.
The NYT confirmed that the leak occurred in January 2024 due to the accidental exposure of a credential for a thirdparty cloudbased code platform. While the NYT stated that there is no evidence of unauthorized access to its internal systems or any impact on operations following the leak, the incident underscores the increasing vulnerabilities even at highprofile institutions citeturn0search7.
These incidents highlight the need for robust cybersecurity measures and the potential consequences of lapses in digital security. As investigations continue, both 4chan and the NYT are expected to undergo thorough security reviews to prevent future breaches.