Postmortem Site compromised 10-Sep-2019

  • 🏰 The Fediverse is up. If you know, you know.
  • Want to keep track of this thread?
    Accounts can bookmark posts, watch threads for updates, and jump back to where you stopped reading.
    Create account
Status
Not open for further replies.
Due to some concerned Kiwis, the search engine is not happening. I like you guys too much - these keep ticking in. I have all the data on you imported into a mongoDB I can easily search for you if you want to know what data they have on you. If so, send me an e-mail at scaredkiwi@protonmail.com

OMMITANCE.png


EDIT: I cannot stress this enough, if you're going to ask for a neatly formatted blob on the info that got leaked, and if you're affected, then please use something like 10minutemail or guerillamail. DO NOT USE YOUR REAL E-MAIL. Alternatively, click the username-account.txt in the /h folder of the leak, provided by Null. Stay safe, lads.
 
Last edited:
Since I don't know if this compromise strictly follows one of the kiwifarms.x formats or all of them (since this site randomly has me logged in at different ones) I went and changed up everything anyways (goodbye burner email 1, hello burner 1.5) I can't view anything at all on the doc pages it keeps blanking out on me for some strange reason.

Was it all of anyone who ever posted in Animal Control?
 
OhTheBliss said:
Due to some concerned Kiwis, the search engine is not happening. I like you guys too much - these keep ticking in. I have all the data on you imported into a mongoDB I can easily search for you if you want to know what data they have on you. If so, send me an e-mail at scaredkiwi@protonmail.com

View attachment 931620
Click to expand...
Why? What's the fucking point of setting up such a system if searching for it yourself is just as simple as navigating to helpful link to a thread containing the breach data on the top of pretty much every page, opening the CSV (or going to the "h" folder) and hitting CTRL+F? I could understand doing this back a few pages ago when a link to the breach data was buried by pages of posts, but now that Null is hosting the data breach himself and prominently displaying a link to it to boot, there isn't really a point anymore. At least you realized that a HIBP-esque search engine was a sketchy idea.

BTW: I already looked myself up in the CSV and the h folder. Looks like I've escaped the free pizza doxxing extravaganza.
 
Mr. Giggles said:
Why? What's the fucking point of setting up such a system if searching for it yourself is just as simple as navigating to helpful link to a thread containing the breach data on the top of pretty much every page, opening the CSV (or going to the "h" folder) and hitting CTRL+F? I could understand doing this back a few pages ago when a link to the breach data was buried by pages of posts, but now that Null is hosting the data breach himself and prominently displaying a link to it to boot, there isn't really a point anymore. At least you realized that a HIBP-esque search engine was a sketchy idea.

BTW: I already looked myself up in the CSV and the h folder. Looks like I've escaped the free pizza doxxing extravaganza.
Click to expand...

You got ninja'd by my edit essentially coming to the same realization as yourself. Have a nice evening, lad.
 
Well hell, I guess it's safe to say this isn't the end of KF after all. Damn, what a shame.

All that preening and strutting, all that bragging and self-assuredness-- "we've finally got em now!"-- only to be met with the majority users on the site cheering on the leak of their own emails and laughing in the faces of their would-be doxxxxers, even going so far as to demand their admin drop the release himself. And then, we take it a step further, completely dox the accounts behind the leak and within minutes, drive them into privating their social media presence.

Wow what a great job! Really put the screws to us you did. I tell ya, I'm shaking in my boots knowing that a burner and one of my IPs have been discovered. Fucking pwned and fur-pilled, lmao bye felicia, internet incels BTFO forever, gonna go hang myself now.

So much effort to bring a community together. Really we outta thank you. Was it as good for you as it was for us?

Edit: I'm still awaiting my fucking pizza.
 
These hackers suck at their job. They didn't even dox the actual state I live in. I guess Zoe Quinn gave a piss poor bj lol.
 
I'm on the list! Time to wait for my pizza, although because I've been posting about how much Disney sucks nowadays I have the feeling I'll get shitty Disney lootcrates sent to my house instead.

Also, since troon furfags certainly have something to do with faildox this I wonder if the PK filename stood for Purplekecleon, one of the bigger cows in the Animal Control subforums.
 
Xerxes IX said:
I'm on the list! Time to wait for my pizza, although because I've been posting about how much Disney sucks nowadays I have the feeling I'll get shitty Disney lootcrates sent to my house instead.

Also, since troon furfags certainly have something to do with faildox this I wonder if the PK filename stood for Purplekecleon, one of the bigger cows in the Animal Control subforums.
Click to expand...
Doubtful, Eevee is barely capable of putting a website, or his shitty games together.
 
Oh my, I'm on the list!

But hey. I'm cool. Life gives you lemons, make lemonade.

£50 for my autograph, gang! £100 gets the John Hancock AND a photo with me! £1000 gets you autograph, photo, AND a hand-job, but be warned, Tubbo Bustcakes don't do anal.

Third table on the right of the hall, between Rusty Goffe and Karen Gillan.
 
Kiwis doxed a man in another hemisphere by identifying a blue plastic bowl of ice cream and 1/6th of a placemat. These mongs can’t even dox forum users after hijacking the website owner’s personal account for a week.

No wonder no one’s taking credit for it. I’d change my name and move just to escape the shame.
 
If you didn't post since late-August, it seems you're in the green. However, many lurkers/banned users are concerned about the scope of this leak. Granted ~4.5k users were affected, however as far as I can see most used throwaway mails. I've [TERMINATED] the e-mail account that provided a neatly formatted service of checking if you're in the leak, since I was getting a bunch of people spamming me who were either banned or hadn't posted in a long time. Here's a rule of thumb: If you're not autistic, you're not in the leaks.

I encourage you to hit CTRL+F on your name in the /h folder that is now hosted on the Farms instead. This e-mail will no longer reply - and you'll get a not-received receipt back if you try to mail me.

Tip: If your name contains spaces, hit CTRL+F and put underscores where your name is, for example: GLOW IN THE DARK, becomes, glow_in_the_dark-account.txt

We're all gonna make it.

Interestingly, Null mentioned that the user who hacked the site, had created an account (presumably with the same IP/VPN) called @catdogsoup - considering the retardation of this hack, and the missed potential, I'd wager we can get some clues based on this, or maybe it's a nothingburger. Post the IP of the user - check if they're behind a VPN or proxy. If it's a privately hosted proxy, that could be a lead.
 

Attachments

  • Assurance.png
    Assurance.png
    25.3 KB · Views: 193
OhTheBliss said:
Interestingly, Null mentioned that the user who hacked the site, had created an account (presumably with the same IP/VPN) called @catdogsoup - considering the exceptionalism of this hack, and the missed potential, I'd wager we can get some clues based on this, or maybe it's a nothingburger. Post the IP of the user - check if they're behind a VPN or proxy. If it's a privately hosted proxy, that could be a lead.
Click to expand...

It was a TOR exit node.
 
Status
Not open for further replies.
Back
Top Bottom