The Family Federation for World Peace and Unification (FFWPU) and its Tongil Group affiliates are alleged to have been breached, with a dark web post offering extensive internal databases and personal records for sale. The seller claims the data was exfiltrated between January and March 2026 via an IDOR vulnerability and includes 1.29 million lines of personal information, plaintext passwords, ERP MSSQL and HR Oracle backups, scanned IDs, and multi-domain MySQL dumps. #FFWPU #IDOR
Keypoints
- A dark web vendor is advertising internal databases and personal data from FFWPU and Tongil Group.
- The breach is claimed to have occurred between January and March 2026 by exploiting an IDOR vulnerability.
- Exposed data reportedly includes 1.29 million lines of personal information and 6,600 account records with plaintext passwords.
- Large backups listed include a 10GB ERP MSSQL dump, a 300MB HR Oracle dump, and a 1GB MySQL dump spanning multiple domains.
- Scanned employee identification documents and affected domains such as familyfedihq.org and sunhakpeaceprize.org are included in the samples.
Read More: https://dailydarkweb.net/ffwpu-and-tongil-group-face-extensive-data-breach/