The internet forum 4chan, which recently suffered a major data breach following a hacker attack, has begun to resume operations after a two-week disruption. However, the forum has lamented a severe lack of necessary funding for maintenance and is now recruiting new community volunteers to help shoulder backend responsibilities.
4chan has essentially confirmed that the breach resulted from outdated software packages that left vulnerabilities open to exploitation. On April 14, a hacker using a UK-based IP address uploaded a malicious PDF file, leveraging flaws in expired server software to gain access to one of the servers—a server that also provided access to the site’s databases and administrative panel.
The attacker then spent several hours exfiltrating much of 4chan’s source code and database tables. After completing the data theft, the hacker began to vandalize the forum, at which point administrators detected the intrusion and quickly took the compromised server offline, severing the hacker’s access.
The forum attributed the breach to chronic underfunding, which prevented timely updates to its operating systems, codebase, and core infrastructure. Owing to its long-standing association with hate speech, violent content, and extremism, 4chan has found itself largely abandoned by advertisers, resulting in a financial shortfall that left it critically understaffed.
4chan revealed that efforts to procure new servers began in late 2023. Until then, the forum had been operating on second-hand servers purchased by its founder, Christopher Poole, who departed the project in 2015 and has had no further involvement since.
By April 2024, 4chan had finalized the specifications for new servers and initiated procurement, but securing a vendor proved difficult—many server providers were unwilling to associate with 4chan due to reputational concerns. It was not until June 2024 that the hardware acquisition was completed, with server installations finalized in July. Content migration began thereafter, albeit slowly.
During the migration, many critical services remained dependent on the aging infrastructure, and according to 4chan, every phase of the transition took significantly longer than anticipated. Only after the attack did the forum replace the compromised server and upgrade its software packages to the latest versions.
As a preventative measure, 4chan has since disabled the PDF upload function to avert similar attacks and has also shuttered its Flash board, citing concerns that hackers might exploit vulnerabilities through .swf file uploads. Given that Adobe Flash is no longer supported and has become increasingly insecure, disabling these functions was deemed necessary to bolster site defenses.