Japan’s top BBS 2ch.net is reeling after being hacked, with the credit cards and personal details of tens of thousands of users leaked and their anonymity in tatters, and posting disabled across swathes of the site.
Due to 2ch threads expiring in a matter of days or hours on the more active boards, a ¥300 a month premium membership was instituted to allow access to the archived material, requiring credit card details for payment.
Given the site’s pathetically obsolete technology it is sadly no surprise to learn that they apparently held all these details in unencrypted form on their own public-facing servers, allowing unknown hackers to make off with them and later post them on Tor.
The American company providing the “2ch Viewer” provides a profoundly uninformative explanation and an oddly worded apology (in fact the Japanese translation posted differs significantly and mentions “changing our passwords”):
N.T.Technology, inc was a victim of a cyber attack earlier today.
Some data for customers was compromised. Your data may have
been compromised. The security hole has been fixed, and is safe to use again.
We are now preparing for the fix.
Please accept my apology for your inconvenience.
Despite this rather dubious assurance, signups are suspended and the service is due to be taken down for “maintenance” shortly.
2ch has made very little official comment on the matter (it does not even mention it on its own site), but semi-official incident summaries from their support boards confirm the following:
17,651 paid accounts and 146,217 trial accounts in total were leaked
All credit card numbers, names, addresses and email addresses associated with these leaked and are available publicly
A further 40,000 trip codes and mail addresses were leaked
2 months of posting data from 6/15 – 8/10 was leaked, affecting all posters
2ch’s management acknowledged the actual hack occurred on the 20th, but they only realised 5 days later when the pilfered data started to surface in public
“Fortunately” 2ch conducted very little checking of the personal information it collected, allowing signups with false data and various prepaid digital cash – a relief to the more circumspect users
Thread creation on a large number of “news” boards has also been disabled, largely because it was formerly restricted only to privileged users, whose accounts were all hacked – with the result that the boards were immediately rendered useless by a profusion of anti-Japanese and anti-Korean troll threads from users taking advantage of the leaked trip codes.
2ch’s management is said to be looking to pursue legal action against the hackers and those publishing the material on the web, although given the level of tech-savvy displayed by both them and police, and their less than harmonious relationship with the authorities, this does not seem promising.
Aside from the direct exposure of personal details, scrutiny of the exposed posting histories is also revealing a variety of the shady “stealth marketing” antics of all manner of groups and companies on the site – and looks likely to do more than a little reputational damage given the level of the average 2ch post.
Even 2ch founder Hiroyuki has been having an easy time of things of late – police attempts to prosecute him for drug-dealing for not deleting certain posts seem to have stalled, but tax authorities say he failed to report 100 million yen in income and just after 2ch was hacked so was his Twitter account, being defaced with anti-Japanese slogans:
Some cannot help but notice all this does not sit well with the theme of his upcoming book: