Controversial imageboard 4chan was taken offline on Tuesday following a major security breach reportedly carried out by members of rival forum Soyjak Party. The attackers claim to have accessed the site’s backend systems, leaked source code, and published screenshots of internal admin tools, databases, and even personal information of 4chan staff.
The hack was announced late Monday night on Soyjak.party, where a user going by the name “Chud” said the breach was the culmination of a long-term infiltration dubbed “Operation Soyclipse.” According to Chud, the attacker had access to 4chan’s infrastructure for over a year before the operation was carried out.
"Tonight has been a very special night for many of us at the Soyjak Party," Chud wrote. "A hacker, who has been in 4cuck's system for over a year, executed the true Operation Soyclipse, reopening /qa/, exposing personal information of various 4cuck staff, and leaking code from the site."
The leak includes screenshots of staff administration panels, database tools, and internal site statistics. If legitimate, these tools could allow the attackers to access IP addresses and location data of users, restart or modify boards, and browse historical logs. One of the images appears to show full access to 4chan’s phpMyAdmin interface.
Speculation about the cause of the breach points to outdated backend software. Sources on Soyjak Party allege that 4chan was still running a PHP version from 2016 rife with unpatched vulnerabilities. Later in the day, the forum’s PHP source code was posted to Kiwi Farms.
Founded in 2003 by Christopher Poole, also known as “moot,” 4chan has long been associated with internet subcultures and has hosted many controversial and politically charged discussions. It has also served as a leak hub for stolen data from major companies including Microsoft, Intel, Twitch, and Disney.
