K-Pop Chaos: Yes24 Hit by Massive Ransomware Attack, Disrupting Ticketing & Fan Events
Do Son 
The South Korean platform Yes24, the nation’s largest online ticketing service and a favored destination among K-pop enthusiasts, has fallen victim to a massive ransomware attack, triggering significant disruptions across the country’s entertainment industry. The incident unfolded in the early hours of June 9th, around 4 a.m. local time, when Yes24’s technical team detected a malfunction that was later confirmed to be the result of a cyberattack.
In addition to ticketing, Yes24 is also engaged in the distribution of books and music albums, boasting a user base exceeding 20 million, the majority of whom are ardent fans of Korean pop culture. Following the attack, both the company’s website and mobile application became inaccessible. According to Yes24 representatives, the perpetrators deliberately targeted and disabled both primary and backup servers, compromising critical infrastructure files essential to the platform’s operations.
The company claims to have regained control over its systems and is currently implementing restoration measures, aiming for full recovery by June 15th. As an immediate response, Yes24 has fortified its cybersecurity protocols and notified the relevant authorities, including the Korea Internet & Security Agency.
Nevertheless, users and industry stakeholders have criticized the company for a lack of transparency. For over thirty-six hours following the breach, Yes24 insisted it was undergoing “technical maintenance,” a claim that only fueled public frustration as fans were abruptly cut off from their purchased tickets.
On June 12th, the company issued an updated statement attempting to allay fears of potential data leaks. A notice on the homepage declared that, based on current findings, there was no evidence of unauthorized access to users’ personal information. At the same time, Yes24 acknowledged that the attack was carried out by an unidentified party and assured that any confirmed data breaches would result in direct notifications to affected customers.
The disruption has had a ripple effect on South Korea’s entertainment sector. Popular K-pop group Enhypen was forced to cancel a scheduled autograph event tied to the release of their latest album. The “Beautiful Mint Life” music festival, set to take place in Seoul over the weekend, was jeopardized due to attendees being unable to retrieve their tickets. Additionally, pre-sales for upcoming performances by artists such as Ateez, B.I., and Park Bo-gum were suspended.
Organizers of concerts and theatrical productions urged attendees to bring printed copies of their tickets, yet this measure proved insufficient—numerous fans were turned away at entrances for lacking physical confirmation.
Yes24 has pledged to publish refund procedures for canceled events and compensation guidelines for unused tickets in the coming days. The company also issued a warning about possible phishing scams, strongly advising users to remain vigilant when receiving emails, calls, or messages purporting to be from Yes24 or financial institutions. Users are urged not to click suspicious links, to update their passwords, and to monitor their accounts for unusual activity.
This South Korean incident once again underscores the sobering reality that even the country’s most cherished digital platforms are not immune to ransomware assaults—whose consequences reverberate far beyond the realm of business, impacting the cultural lives of millions.
Donate