Kiwi Farms says someone hacked its website

Kiwi Farms, a forum that's long been accused of fostering targeted online and real-world harassment campaigns, says that someone hacked its proxy service and website. As noted by cybersecurity researcher Kevin Beaumont, it told users in a Telegram message that all avatars had been changed to the logo of another website (said to be another purported “free speech” forum) and that “each node on the forum index was deleted one at a time.”

While Kiwi Farms apparently has backups and none of the forum data has been permanently deleted, users' personal information may have been compromised. Founder Joshua Moon told users to assume that their email and password information has been obtained, as well as the IP address of any device they've used to access Kiwi Farms in the last month.

“I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once,” Moon wrote in a statement on the Kiwi Farms website. “This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence either way.”

The hacker is said to have used an injected script to gather data from users' systems. Moon said they accessed his admin account as a result of this method. Moon added that he would restore the site from a backup, but noted that the process (as well as reviewing Kiwi Farms' security procedures) would take some time. However, he noted on Telegram today that he had to leave for a week to deal with a family emergency. Some Kiwi Farms users are turning on Moon over the incident.

Earlier this month, Kiwi Farms was effectively forced off of the open web following an effort to take down the forum. Streamer and political commentator Clara “Keffals” Sorrenti, a prominent target of a harassment campaign that allegedly stemmed from the website, started the movement to bring down Kiwi Farms. While Moon was later able to bring the forum back online through other means.

Cloudflare, a DDoS protection company, kicked Kiwi Farms off its service due to a significant increase in targeted threats originating on the site. That seems to have played a role in this weekend's hack. “Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this,” Moon wrote.