A hacker known by the pseudonym “Valerie” has claimed responsibility for hacking into Ya-moon, a well-known South Korean private pornography website and forum. The hack reportedly occurred in June 2024 utilizing a zero-day vulnerability, although the specific details of the breach were only disclosed recently.
Ya-moon has been in operation since 1990 and has gained notoriety for hosting illegal content such as Child Sexual Abuse Material (CSAM), hidden camera footage, revenge porn, and videos depicting rape. Users of the site have been known to engage in activities like gang rape, the exploitation of minors, and coercion of women into sexual acts.
Despite previous efforts by South Korean authorities, Interpol, and U.S. law enforcement to shut down Ya-moon, these attempts have been unsuccessful. However, a significant data breach has now exposed the personal information of the site’s users, with 326,000 lines of data being made public.
The hacker claimed that after providing a portion of the data to a “databroker” who subsequently vanished, they decided to release the full dataset independently due to lack of action following the breach.
The leaked data includes usernames, IP addresses revealing user locations, email addresses (some linked to real identities), and plaintext passwords indicating weak security measures. Additionally, the dataset contains information on user activity, including date of joining the forum, chat logs discussing illegal activities, and uploaded content.
Furthermore, private communications such as inbox messages exchanged between users, potential evidence of coordination or transactions, and discussions about law enforcement activity are also included in the leak. If authenticated, this data breach could have serious consequences for users engaged in illegal activities on the platform, as it could lead to their identification by law enforcement agencies.
Analysis of the leaked data reveals that the majority of users’ IP addresses originate from South Korea, suggesting that Ya-moon primarily caters to a domestic audience involved in illegal content distribution. This information could prove valuable to South Korean authorities in their efforts to combat online sex crimes and may result in arrests and legal action against those involved in criminal activities on the platform.
South Korea has a history of addressing online sex crimes, including recent high-profile cases like the Nth Room scandal. If the leaked data is verified, it could lead to arrests and prosecutions, similar to past dark web takedowns, potentially deterring individuals from engaging in illicit activities online.
This breach targeting a site associated with CSAM is not unprecedented, as hacktivists previously targeted Freedom Hosting II in 2017, resulting in the shutdown of numerous CSAM websites on the dark web. This incident underscores the ongoing challenges faced by law enforcement in combating online exploitation and abuse.
In conclusion, the hack of Ya-moon and the subsequent data breach have exposed the platform’s users to potential legal consequences, highlighting the persistent threat posed by illicit online activities and the importance of cybersecurity measures to protect user data and privacy.