leaksear.ch has indexed a Clf09.com (草榴社區) forum leak containing 2,459,744 records, roughly 2.5 million entries, with usernames, email addresses, and hashed passwords exposed on August 3, 2022 (leaksear.ch metadata). Clf09.com is associated with 草榴社區, a Chinese-language adult forum that Chinese media have described as a well-known adult site with invitation-based registration (thepaper.cn).
What happened
Public reporting about the underlying intrusion is limited. RansomLook has a public Clf09.com leak entry indexed on August 3, 2022 and showing columns for username, email_address, and password (ransomlook.io).
That public entry lists 3,282,689 records, which differs from the 2,459,744 records indexed by leaksear.ch. This article uses the leaksear.ch count for the searchable dataset and cites RansomLook only as external public context (leaksear.ch metadata, ransomlook.io).
The available public sources reviewed for this article do not establish whether the data came from a direct forum compromise, scraping, a misconfigured backup, or another exposure path. No official Clf09.com disclosure was found in the public sources reviewed, so the breach mechanism should be treated as unconfirmed.
What data was exposed
The leaksear.ch index lists three searchable pivots: email addresses, usernames, and hashed passwords (leaksear.ch metadata). The metadata does not list names, phone numbers, government IDs, payment cards, or plaintext passwords as exposed fields (leaksear.ch metadata).
Why this matters
An email address paired with a forum username can support targeted phishing or extortion-themed scams, especially where membership in an adult forum may be sensitive (thepaper.cn). The hashed password field is not the same as a plaintext password, but OWASP notes that password hashes can sometimes be cracked depending on password strength and hashing practices, and reused credentials can then become a credential-stuffing risk across other services (cheatsheetseries.owasp.org, owasp.org). Individuals should change any reused Clf09.com password, enable MFA where possible, and consider a password manager, steps NIST recommends for password-protected accounts (nist.gov). If you want to check whether your email, username, or hashed password appears in this leak, use the exposure-checking option provided with this article.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include email, hashed password, and username.