The Family Federation for World Peace and Unification (FFWPU), a prominent South Korean religious movement also known as the Unification Church, along with its affiliated corporate conglomerate Tongil Group, has allegedly been compromised. A post on a dark web forum is currently advertising the sale of extensive internal databases and personal information associated with the organization’s various domains and services. The seller claims the data was acquired between January and March 2026, primarily exploiting an Insecure Direct Object Reference (IDOR) vulnerability.
According to the allegedly compromised data samples and forum post, the exposed information includes:
-
1.29 million lines of personal information
-
6,600 account records containing plaintext passwords
-
10GB Enterprise Resource Planning (ERP) MSSQL database backups
-
Scanned identification documents of employees, including driver’s licenses
-
300MB Human Resources Database (HRDB) Oracle backup dump
-
1GB MySQL dump affecting multiple organizational domains (e.g., familyfedihq.org, sunhakpeaceprize.org)
