Two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II — a popular underground web host that, according to The Verge, contained one-fifth of the dark web — and shut it down.
Predictably, the hackers weren’t content with replacing 10,613 websites with a page that said “Hello, Freedom Hosting II, you have been hacked.” They also copied the hosting service’s database, which they have since released publicly.
According to Troy Hunt, who runs the popular service Have I Been Pwned?, the data dump includes the email details of nearly 381,000 users. Given that Freedom Hosting II was popular with those involved in the creation and distribution of child pornography, many of those emails are likely ‘burner’ addresses.
But almost 21 percent of them were in previous breaches registered in Have I Been Pwned?, suggesting that many of them were people’s actual, day-to-day email addresses. In a tweet, Troy Hunt said that there were ‘thousands’ of .gov email addresses, although he added “how many are real and what purposes they were being used for is another issue.”
In addition to user details, the dump also contains website database backups, many of them based on popular, free systems like WordPress and phpBB. According to Hunt, much of the data is ‘highly explicit’. Almost half of the sites caught up in the dump reportedly contain illicit sexual content involving children.
The rest, according to a 2006 report from OnionScan, was a diverse collection of Ponzi schemes, carding and counterfeiting sites, hacking forums, personal blogs, and Bitcoin escrow services.
Hunt says the Freedom Hosting II dump is almost certainly in the hands of law enforcement by now, adding that it is “very public” and contained “many real email addresses”. It seems inevitable that in the coming weeks, some of its users will find themselves with a knock on the door.