Open Navigation

Anycubic users say their 3D printers were hacked to warn of a security flaw

Zack Whittaker @zackwhittaker / 2 months

a photo of one of Anycubic's 3D printers close up on a black and darkened background

Image Credits: Anycubic

Anycubic customers are reporting that their 3D printers have been hacked and now display a message warning of an alleged security flaw in the company’s systems.

Numerous threads on news sharing site Reddit show similar reports (hat tip to @dan) of users receiving an unsolicited text file on their Anycubic 3D printers with the file name “hacked_machine_readme.” The planted text file claims Anycubic has a “critical vulnerability” and warns the user to take action to “prevent potential exploitation.”

The text file reads in part:

Your machine has a critical vulnerability, posing a significant threat to your security. Immediate action is strongly advised to prevent potential exploitation. Feel free to disconnect your printer from the internet if you don’t wanna get hacked by a bad actor! This is just a harmless message. You have not been harmed in any way.

The text file described an unspecified vulnerability in Anycubic’s MQTT service, which allegedly allows the ability to “connect and control” customer 3D printers that are connected to the internet. MQTT is a popular messaging protocol often used by apps and internet-connected devices for communicating with a company’s back-end servers, in this case Anycubic’s systems.

Anycubic’s app was down at the time of writing when TechCrunch checked. Users trying to log in were met with a “network unavailable” error message.

The person who authored the text file claimed they sent the message to 2.9 million Anycubic 3D printers. Anycubic’s James Ouyang said in a July 2023 interview that his company had 3 million cumulative sales.

Ouyang said in an email to TechCrunch: “We are investigating very carefully. There will be an official announcement very soon,” but did not comment further.

“Disconnect your printer from the internet until anycubic patches this issue,” the text file reads.

Do you know more about the Anycubic incident? You can contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849, or by email. You also can contact us via SecureDrop.

Updated with a response from Ouyang.

Read more on TechCrunch: