Yes24 hit by a second ransomware attack in two months
Learn More
Yes24, South Korea's online bookstore and ticketing platform, fell victim to its second ransomware attack in two months. The attack occurred on August 11, 2025 and brought down the company's website and mobile services during a period for K-pop concert ticket sales.
The ransomware attack began at approximately 4:30 a.m. local time on Monday, August 11, 2025, forcing the company to immediately shut down all digital services as a precautionary measure. A Yes24 official confirmed that the early-morning ransomware attack disabled user access, with the company stating: "We sincerely apologize for the inconvenience caused by the external ransomware attack that occurred around 4:40 a.m."
Unlike the previous five-day outage in June 2025, this incident was resolved much more quickly, with all services fully accessible and functioning normally by 11:30 a.m. the same day.
The affected services during the August attack included all core Yes24 platforms:
- Website access for book purchases
- Mobile app functionality
- E-book access and digital library services
- Concert and event ticketing systems
- Community forums and user accounts
Any exposed data and number of affected individuals is not disclosed.
The threat actors behind both the June and August attacks are not identified, and Yes24 has not disclosed whether any ransom payments were made.
