Harassment Site Kiwi Farms Breached

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made
Stalker's paradise Kiwi Farms is warning users to assume their email, password and IP addresses have been leaked following a weekend hack.

A statement on the site says hackers gained access to site administrator Joshua Moon's account and executed a command to download user data. The command appears to have failed but hackers may have scraped information through another method.

"I cannot say with any confidence either way," Moon says. Log records suggest the attacker attempted to exfiltrate the user database but the attempt failed "because they requested too many records at once," Moon says.

Kiwi Farms, whose harassment campaigns against transgender and nonbinary people have played a role in multiple suicides, earlier this month lost security protections offered by content delivery network provider Cloudflare, which described the site as an "immediate threat to human life."

Besides shielding the site from denial-of-service attacks, Cloudflare thwarted hacking attempts such as the one Moon describes: a scripting attack uploaded to the site that allowed the attacker to obtain authentication cookies. He says a webpage uploaded to the site ends in .opus, an audio file format developed for online streaming.
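As an added defensive illustration (not from Moon's statement or the site's code), an upload handler can check that a file named .opus really begins with an Ogg page carrying an OpusHead header, rather than trusting the extension. The function names, verdict strings and sample bytes below are constructed for this example.

```python
OGG_MAGIC = b"OggS"      # capture pattern that opens every Ogg page
OPUS_HEAD = b"OpusHead"  # identification header of an Ogg Opus stream (RFC 7845)
MARKUP_HINTS = (b"<!doctype", b"<html", b"<script", b"<svg", b"<iframe")

def first_ogg_payload(data):
    """Return the payload of the first Ogg page, or None if the header is malformed."""
    # Fixed header: magic(4) version(1) type(1) granule(8) serial(4) seq(4) crc(4) nsegs(1)
    if len(data) < 27 or data[:4] != OGG_MAGIC or data[4] != 0:
        return None
    nsegs = data[26]
    seg_table = data[27:27 + nsegs]
    if len(seg_table) != nsegs:
        return None
    start = 27 + nsegs
    payload = data[start:start + sum(seg_table)]
    return payload if len(payload) == sum(seg_table) else None

def classify_upload(filename, data):
    """Verdict for an upload whose name claims Opus audio (page CRC is not verified here)."""
    if not filename.lower().endswith(".opus"):
        return "not-opus-extension"
    payload = first_ogg_payload(data)
    if payload is not None and payload.startswith(OPUS_HEAD):
        return "accept"
    # Content that looks like a web page is flagged separately so it can be alerted on.
    if any(hint in data[:1024].lower() for hint in MARKUP_HINTS):
        return "reject-markup"
    return "reject-not-opus"

def serving_headers():
    """Headers for serving accepted audio: fixed type, and no browser content sniffing."""
    return {"Content-Type": "audio/ogg", "X-Content-Type-Options": "nosniff"}

# Constructed samples: a minimal first Ogg page holding a 19-byte OpusHead packet,
# and a harmless HTML document saved under an .opus name.
SAMPLE_OPUS = (OGG_MAGIC + bytes([0, 2]) + bytes(20) + bytes([1, 19])
               + OPUS_HEAD + bytes([1, 2]) + bytes(9))
SAMPLE_HTML = b"<!DOCTYPE html><html><script>/* constructed */</script></html>"

if __name__ == "__main__":
    for name, blob in (("voice.opus", SAMPLE_OPUS), ("clip.opus", SAMPLE_HTML)):
        print(name, classify_upload(name, blob))
```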

Security researcher Kevin Beaumont says on Twitter it appears the script posted Kiwi Farms user information and credentials for a month on a website that now resolves to a GitHub page.

The incident has drawn panicky reactions from users on Telegram who fear the revelation of their real identities.

Kiwi Farms recently regained the spotlight following a campaign by Clara Sorrenti, a Twitch streamer and transgender activist who launched it after becoming a target of the site.

"Kiwi bros, Joshua Moon didn't do his due diligence in protecting your information. I know you hate me, but if the data leak gets posted some of you are going to lose your jobs or go to jail. Josh hurt you more than I ever could. He's your real enemy," she tweeted after the hack became public.

Domain registrar DreamHost earlier this summer reportedly yanked support for the site. After losing Cloudflare's protection, Moon gained denial-of-service protection from Russian firm DDoS-Guard, which quickly decided to stop providing services, Russian media reported earlier this month.

A third content delivery network provider, Lisbon-based DiamWall, terminated services for the site on Thursday. "We really do not want to have anything to do with it," wrote CEO Hugo Carvalho.

Kiwi Farms is currently offline, and only a breach notification is displayed on its homepage. Moon says it will take him some time to reinstate the website completely to a point before Sept. 17, when backups were last taken. Moon says on Telegram he is taking a break for a week.

About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.
