A threat actor has claimed responsibility for a data breach targeting Creatorlink, a South Korean website building platform. The actor is offering the entire database for sale on a dark web forum. According to the actor, the compromised database is 231.9 MB and contains sensitive information from over 575,000 users. The allegedly exfiltrated data includes:
Personal Identifiable Information (PII):
- Full names and nicknames
- Email addresses
- Hashed passwords
- Phone numbers
- Physical addresses (zip code and street address)
- Dates of birth
- Gender
Technical & Activity Data:
- User IP addresses (including registration and last login)
- Login and registration timestamps
- User’s country code
Platform-Specific Data:
- User IDs and internal numbers
- Homepage URLs
- User profile information and settings
- Account level and points
