It has been confirmed that a former Coupang employee who leaked massive amounts of personal data viewed the delivery address list page, which conta...
Results of the joint public-private investigation announced… On top of the existing 33.67 million leaked records, ‘third-party harm’ could grow It has been confirmed that a former Coupang employee who leaked massive amounts of personal data viewed the delivery address list page, which contains the names, phone numbers, and addresses of users, around 148 million times.
From the ‘My Info Edit’ page, names and e-mail information alone totaled 33.67 million cases, and the final scale of the leak that the Personal Information Protection Commission will confirm and announce is likely to increase further. The government identified “poor management at Coupang” as the cause of the incident. The Ministry of Science and ICT on the 10th announced the results of a joint public-private investigation into the Coupang breach. The incident erupted when A, a former employee of Chinese nationality who had been in charge of developing authentication systems at Coupang, leaked the personal information of users. After analyzing 25.6TB of Coupang access records from November 29, 2024 to December 31 last year, the task force found that 33,673,817 items of names and e-mail information were leaked from the ‘My Info Edit’ page. This is similar to the government estimate of 33.7 million leaked accounts. A viewed the delivery address list pagewhich includes names, phone numbers, delivery addresses, and apartment building entrance passwords masked with special charactersapproximately 148,050,000 times . Because the address list often contains information about third parties such as family and friends in addition to the account holder, the scope of affected individuals may expand. Choi Woo-hyuk, Director General for Information Security and Network Policy at the Ministry of Science and ICT, said, “A view constitutes a leak,” while adding, “The exact scale of personal data leakage will be announced finally by the Personal Information Protection Commission.” It was reported that up to 20 addresses can be registered on the address list page and that it contains varied information, making it difficult to calculate the scale of the leak.The address list edit page that included apartment building entrance passwords that had not been de-identified was viewed 50,474 times, and the order list page that shows users their recent purchases was viewed 102,682 times. However, the task force stated, “No secondary damage resulting from the personal data leak has been confirmed to date.” Starting in January last year, A conducted attack tests based on vulnerabilities known during his tenure at Coupang. From April 14 to November 8 last year, he used an automated web-crawling attack tool to exfiltrate large volumes of information. In the process, a total of 2,313 IP addresses were used. Whether this information was transmitted to external cloud servers located overseas has not been confirmed. A also sent two e-mails to Coupang on November 16 and 25 last year to report the leak. The task force cited inadequate management of the information protection system at Coupang as the cause of the leak incident. Choi said, “It is clearly a management problem,” adding, “It is hard to view it as a sophisticated attack.” In normal access, a Coupang user goes through a login process and is issued a kind of ‘electronic entry pass’. The Coupang gateway server verifies whether the issued electronic entry pass is valid and, if no anomalies are found, allows access to the service. After stealing the signing key of the user authentication system he had administered while employed, A forged and altered the electronic entry pass to pass through the Coupang authentication system. As a result, he was able to access Coupang services without going through the normal login procedure. Coupang failed to detect·block access that used forged or altered electronic entry passes. The mechanism to verify whether an electronic entry pass had been issued through a proper process was inadequate. It was also revealed that developers stored signing keys on their laptops, creating risks of key leakage and misuse, and that there was no system to manage key histories. Violations of law such as delays in breach notification and violations of data preservation orders were also identified. The task force has requested an investigation into the deletion of web and application logs. Some have suggested that the government hurried to announce the findings ahead of a ‘Coupang hearing’ in the U.S. House of Representatives that is investigating alleged discrimination by the Korean government. In response, Choi said, “It has nothing to do with any external variables.” He added, “We have never discriminated against any company,” and “We have been putting into practice the principle of disclosing results promptly and transparently as they come out.” As for Coupang stating in its own investigation that the volume of personal data A stored was a little over 3,000 records, this was dismissed as “merely the claim of the entity under investigation.” Based on the investigation results, the Ministry of Science and ICT will require Coupang to submit an implementation plan for recurrence prevention measures within this month and plans to check the implementation results by July. Coupang said that day, “We have never denied the previously reported scale of the leak involving roughly 33.7 million accounts,” adding, “We have notified about 33.7 million people of the personal data leak and have provided compensation .”
대한민국 최근 뉴스, 대한민국 헤드 라인
Similar News:다른 뉴스 소스에서 수집한 이와 유사한 뉴스 기사를 읽을 수도 있습니다.
Coupang apology notice finally stands out···Another belated revision following PIPC recommendationCoupang has changed the apology banner related to the large-scale personal data leak to make it more noticeable. The measure follows a recommendati...
더 많은 것을 읽으십시오 »
‘Brazen response’ by Kim Beom-seok of Coupang, and behind the scenes a ‘U.S. public-opinion campaign’···“Are the Korean people a joke?”Despite allegations of personal-data leaks and the concealment of industrial accidents, Coupang Inc Chair and founder Kim Beom-seok has repeatedly ...
더 많은 것을 읽으십시오 »
8 billion won over two years on lobbying···“Coupang, most Americans have never used it, yet an all-out offensive on U.S. politics”Some parts of the all-front lobbying conducted by Coupang targeting official Washington have been revealed. Following the victory of Donald Trump i...
더 많은 것을 읽으십시오 »
“Shared-entrance entry-code leak: 2,609, not 50,000” Coupang again pushes back against the governmentFollowing the government official announcement on the 10th, which stated among other things that a former Coupang employee who leaked personal info...
더 많은 것을 읽으십시오 »