Kiwi Farms Breached; Assume Passwords, Emails, IP Addresses Have Leaked

ArsTechnica reports: The head of Kiwi Farms said the site experienced a breach that allowed hackers to access his administrator account and possibly the accounts of all other users. On the site, creator Joshua Moon wrote: "The forum was hacked. You should assume the following. Assume your password for the Kiwi Farms has been stolen. Assume your email has been leaked. Assume any IP you've used on your Kiwi Farms account in the last month has been leaked." Moon said that the unknown individual or individuals behind the hack gained access to his admin account by using a technique known as session hijacking, in which an attacker obtains the authentication cookies a site sets after an account holder enters valid credentials and successfully completes any two-factor authentication requirements. The session hijacking was made possible after uploading malicious content to XenForo, a site Kiwi Farms uses to power its user forums.

Read more of this story at Slashdot.