Dark Web News Analysis: GR Korea Health Supplement Customer Database on Sale
A 145MB database dump, allegedly from the South Korean health supplement company GR Korea, is being sold on a hacker forum for $380 USD. The breach exposes the extremely sensitive personal, financial, and health-related information of 29,189 users. It is a critical data breach because of the combination of highly personal data types offered for sale together. The compromised data allegedly includes:
- PII and National ID: Full names, emails, phone numbers, addresses, and SSN equivalents (likely South Korea’s Resident Registration Number – RRN).
- Credentials: Hashed passwords for user accounts.
- Sensitive Health and Purchase Data: Private health memos and detailed purchase histories of health supplements.
- Record Count: 29,189 user profiles.
Key Cybersecurity Insights
The combination of national identity numbers with private health information is a worst-case scenario for a consumer data breach, enabling devastating and highly personal attacks.
- Leak of Health Memos is a Severe Breach of Personal Privacy: The exposure of private health information and supplement purchase history is a profound violation of privacy. This data can be used by criminals for highly targeted and cruel scams that prey on an individual’s specific health concerns, or for blackmail and extortion.
- SSN Equivalents (RRN) Enable High-Level Identity Theft: The South Korean Resident Registration Number (RRN) is a unique national identifier. Leaking it alongside a person’s full name and contact details is a catastrophic event for identity theft. Criminals can use this information to open fraudulent accounts, commit serious financial crimes, and impersonate victims in official capacities.
- Hashed Passwords Create Widespread Account Takeover Risk: Even though the passwords are hashed, attackers will work to crack them. The resulting list of emails and cleartext passwords will be immediately used in automated “credential stuffing” attacks against other valuable websites, particularly other e-commerce or health-related platforms where users may have reused their credentials.
Critical Mitigation Strategies
GR Korea must act with urgency to address this critical breach, and its customers must assume their most sensitive data is now in the hands of criminals.
- For GR Korea: Immediately Investigate and Secure All Accounts: The company must launch an immediate investigation to confirm the source and scope of the breach. The top priority is to force a mandatory password reset for all 29,000+ users, immediately upgrade its password hashing algorithm to a modern standard, and enhance security monitoring on all accounts.
- For GR Korea: Prepare for Data Breach Notification and Support: Given the exposure of national ID numbers and sensitive health data, the company must prepare a comprehensive and transparent notification plan for all affected users, in compliance with South Korea’s Personal Information Protection Act (PIPA). Offering robust support services like identity theft protection and credit monitoring is essential.
- For Affected Customers: Assume Identity is Compromised and Act Accordingly: This is the most critical advice for victims. Customers of GR Korea must assume their most sensitive data is now public. They need to be on maximum alert for signs of identity theft, closely monitor their financial and official records, and be extremely suspicious of any unsolicited health-related advice or offers, as these are likely to be targeted scams.
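The forced reset and hashing upgrade recommended for GR Korea above can be sketched as follows. This is an added example, not code from GR Korea or Brinztech. It assumes the legacy scheme is unsalted SHA-256 (the page does not name the algorithm), and the record layout and function names are hypothetical.

```python
import hashlib, hmac, os

# Assumption: the legacy scheme is unsalted SHA-256 hex (the page does not name it).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # memory-hard KDF from the stdlib

def legacy_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def _kdf(secret, salt):
    return hashlib.scrypt(secret.encode(), salt=salt, **SCRYPT).hex()

def wrap_legacy(record):
    """Bulk step, no plaintext needed: store scrypt(legacy_hash) and flag the account."""
    salt = os.urandom(16)
    return {"user": record["user"], "scheme": "scrypt(sha256)", "salt": salt,
            "pw_hash": _kdf(record["pw_hash"], salt), "must_reset": True}

def matches(record, password):
    """Constant-time check of a candidate password against a migrated record."""
    secret = legacy_hash(password) if record["scheme"] == "scrypt(sha256)" else password
    return hmac.compare_digest(_kdf(secret, record["salt"]), record["pw_hash"])

def login(record, password):
    # A flagged account never gets a session, even with the right (breached) password.
    if record["must_reset"]:
        return "reset_required"
    return "ok" if matches(record, password) else "denied"

def set_new_password(record, new_password):
    """Reset step (after out-of-band verification): refuse the breached password."""
    if matches(record, new_password):
        raise ValueError("new password must differ from the exposed one")
    salt = os.urandom(16)
    return {"user": record["user"], "scheme": "scrypt", "salt": salt,
            "pw_hash": _kdf(new_password, salt), "must_reset": False}

if __name__ == "__main__":
    row = {"user": "u1001", "pw_hash": legacy_hash("Summer2023!")}  # constructed sample
    row = wrap_legacy(row)
    print(login(row, "Summer2023!"))
    row = set_new_password(row, "plum-kettle-orbit-48")
    print(login(row, "plum-kettle-orbit-48"))
```

Wrapping the stored hashes means the database no longer holds fast hashes while users work through the reset, and it lets the reset step reject reuse of the exposed password.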
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com