A vigilante associated with hacktivist group Anonymous took down about 20 percent of the sites on the Dark Web on Friday, attacking hosting service Freedom Hosting II (FH2) and compromising over 10,000 Tor-based pages.

According to a report from independent security researcher Sarah Jamie Lewis, anyone accessing the sites following the attack was met with the message: “Hello, Freedom Hosting II, you have been hacked.”

Speaking to Motherboard, the attacker admitted that it was their first ever hack. They initially had no intention of taking the sites down but allegedly found that several of them - possibly up to 50 percent - contained child pornography. These were using gigabytes of data, much more than 256MB FH2 allows, suggesting “they paid for hosting and the admin knew of those sites,” according to the hacker.

It was only after discovering the child pornography, which in total contained over 30GB of material, that the hacker decided to take action. They accomplished this by creating a new FH2 site or logging into a current one, altering some config files, triggering a password reset, turning on root access, then logging back in with new system privileges.

The hacker has released a data dump of FH2 files, but it doesn’t contain user information. They are handing a copy to a data researcher who will forward it to the authorities.

The first Freedom Hosting was busted by law enforcement back in 2013, leading to several child pornography prosecutions. Officials may not be too happy about the most recent hack, though. As noted by Motherboard:  “In recent years, when law enforcement agencies such as the FBI have taken over dark websites or hosting providers, they have then tried to identify individual users by deploying malware. But now with the plethora of Freedom Hosting II child pornography sites shut down, the feds might not be able to use that sort of tactic at all.”