cdups.co.kr, a South Korean beauty medical center and plastic surgery clinic, has allegedly been compromised. The breach involves the unauthorized extraction and sale of a database containing 100,000 lines of user and patient information. The leak, which was listed on a cybercrime forum in early 2025, exposes sensitive client data managed by the clinic’s digital infrastructure.
According to the sample data provided, the compromised database contains extensive Personal Identifiable Information (PII) of clients and website members. The allegedly compromised data includes:
-
Full names and Nicknames (encoded in samples)
-
User Login IDs (
mb_id) -
Password hashes (
mb_passwd) -
Email addresses (including clinic-specific addresses like
chungdamuand public domains like Naver and Gmail) -
Mobile phone numbers (
tel_no,ctel_no) -
Physical home addresses and Zip codes (
addr_1) -
Dates of birth (
birth_dt) -
Social Media integration types and IDs (
sns_type) -
Member role sequences and registration IP addresses
