{"id":20151,"date":"2022-09-20T16:10:56","date_gmt":"2022-09-21T00:10:56","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/09\/20\/news-13884\/"},"modified":"2022-09-20T16:10:56","modified_gmt":"2022-09-21T00:10:56","slug":"news-13884","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/09\/20\/news-13884\/","title":{"rendered":"Kiwi Farms breached, user data potentially exposed"},"content":{"rendered":"<p dir=\"ltr\">The operators of a site known to most observers for being in a <a href=\"https:\/\/www.theguardian.com\/technology\/2022\/sep\/04\/cloudflare-reverses-decision-and-drops-trans-trolling-website-kiwi-farms\">recent state of flux<\/a> have announced a forum breach. Kiwi&nbsp;Farms, which gained a reputation for <a href=\"https:\/\/www.nbcnews.com\/tech\/internet\/cloudflare-kiwi-farms-keffals-anti-trans-rcna44834\">sophisticated trolling and doxxing<\/a>, was recently dropped by Cloudflare after a sustained campaign to have the DDoS mitigation and cloud hosting service abandon the forum.<\/p>\n<p dir=\"ltr\">The site has since returned, but with a major problem: a <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/09\/kiwi-farms-has-been-breached-assume-passwords-and-emails-have-been-leaked\/\">breach<\/a> which potentially reveals a large amount of user data.<\/p>\n<h2 dir=\"ltr\">The breach revealed<\/h2>\n<p dir=\"ltr\">The site creator had the following to say in relation to the compromise:<\/p>\n<p dir=\"ltr\"><em>The forum was hacked. You should assume the following.<\/em><\/p>\n<p dir=\"ltr\"><em>Assume your password for the Kiwi Farms has been stolen.<\/em><\/p>\n<p dir=\"ltr\"><em>Assume your email has been leaked.<\/em><\/p>\n<p dir=\"ltr\"><em>Assume any IP you&#8217;ve used on your Kiwi Farms account in the last month has been leaked.<\/em><\/p>\n<p dir=\"ltr\">The attack made use of the synergy between the main forum site and a second site, XenForo. 
The latter is a <a href=\"https:\/\/en.wikipedia.org\/wiki\/XenForo\">commercial internet forum software package<\/a> written in PHP. Attackers created a webpage disguised as an audio file to XenForo, loading this page elsewhere in a manner which caused user authentication cookies to be sent off-site. The main admin account for the forum was apparently hijacked in this same fashion.<\/p>\n<h2 dir=\"ltr\">The fallout from a forum&nbsp;compromise<\/h2>\n<p>We often warn about using forums without implementing the proper failsafes and protection, and a breach such as this hammers home the point. A lot of users on the site may now have a lot of information exposed that they&rsquo;d really rather keep private. Similarly, curious observers or even unwary researchers or law enforcement may have registered and not considered the possibility of a data leak.<\/p>\n<p>This data could end up anywhere, and there&rsquo;s no surefire way to know what&rsquo;s been taken. It could end up on other forums, data dumps, or in the hands of law enforcement agencies. No matter what site you&rsquo;re registered on, you should consider the following:<\/p>\n<ul>\n<li dir=\"ltr\" style=\"list-style-type: disc;\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Use different passwords for all sites. Once those data dumps go public, cybercriminals will try&nbsp;logging in to other accounts using the same email and username combinations.<\/p>\n<\/li>\n<li dir=\"ltr\" style=\"list-style-type: disc;\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Consider using a VPN, Tor, or some other method to obscure your IP address. Some forums insist on people using their real IP address when registering and posting to a forum, and may even ban or block VPNs, proxies, and other services.<\/p>\n<\/li>\n<li dir=\"ltr\" style=\"list-style-type: disc;\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">Be careful what you reveal to other site users via direct messages. 
People tend to not delete these messages, and sites don&rsquo;t always auto-prune older messages. It&rsquo;s also possible sites may store data sent and received, and not even tell you.<\/p>\n<\/li>\n<\/ul>\n<p>It remains to be seen what happens to Kiwi&nbsp;Farms, and the site owner is looking to migrate away from aspects of the site which led to this compromise. For now, it&rsquo;s a timely reminder to keep on top of potential system vulnerabilities and also consider what data you may be leaving on a site for others to collect at the worst possible moment.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/kiwifarms-breached-user-data-potentially-exposed\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding='10'>\n<tr>\n<td valign='top' align='left'>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/news' rel='category tag'>News<\/a><\/p>\n<p>Tags: Kiwifarms<\/p>\n<p>Tags:  breach<\/p>\n<p>Tags:  compromise<\/p>\n<p>Tags:  exposure<\/p>\n<p>Tags:  forum<\/p>\n<p>Tags:  forums<\/p>\n<p>Kiwi Farms, which gained a reputation for sophisticated trolling and doxxing, has experienced a potentially severe data breach.<\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/kiwifarms-breached-user-data-potentially-exposed' title='Kiwi Farms breached, user data potentially exposed'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel='nofollow' href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/kiwifarms-breached-user-data-potentially-exposed'>Kiwi Farms breached, user data potentially exposed<\/a> appeared first on <a rel='nofollow' href='https:\/\/www.malwarebytes.com'>Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11510,18865,27561,27112,17410,27560,32],"class_list":["post-20151","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-breach","tag-compromise","tag-exposure","tag-forum","tag-forums","tag-kiwifarms","tag-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20151"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20151\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20151"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}