>>22756014Some semi-obscure hacks/exploits/compromises I'm aware of:
2008 - The SaviorChan botnet operators allegedly discover a bug that lets them delete any thread or post, and use it on furry threads until it's patched. I've been unable to find any more information about how this worked or when exactly it happened (if it even happened and wasn't just a rumor taken as fact by ED)
2009 or 2010 - the file that stored the textboard mod password hashes, shadow.cgi leaked. At least one decrypted password was reused for a mod account on the imageboards. Supposedly anons just deleted/banned shitty threads before someone "abused" it too badly and they got caught.
August 2011 - /g/ gets in again. This hack led to the first known /j/ leaks, along with much of the moderation backend. It's possible this is the result of the shadow.cgi leak, and the connection has become lost or forgotten since then. The archives are kinda spotty around the time this happened and anons recounting it later didn't go into much detail. It's also possible this is a result of the February 2009 imgboard.php source leak.
January 2013 - Aussiemoot discovers how to read and post to /j/ without an account, thanks to the now four year old code leak. He also abuses the post form on /f/ to LARP as moot on /b/ and upload a flash file to /q/, which steals cookies.
June 2013 - Hacker group UGNazi hacks the CEO of CloudFlare and changes 4chan's DNS to redirect to their twitter page.
https://www.helpnetsecurity.com/2012/06/04/ugnazi-attack-4chan-cloudflare/December 2018 - A discord group hijacks or is given access to a janitor account that has access to /fit/ and /g/, both boards are wiped and a single post from /j/ is leaked
July 2021 - In the wake of the new captcha, /hap/ discovers that it's possible to "lock" a post from being reported. I believe this was caused by the reports page being cached accidentally.
https://desuarchive.org/qa/thread/4692003/#4699153 