Hack Attack In South Korea Gets Access To Data On Over 70% Of Everyone In The Country

from the hacked dept

Fri, Jul 29th 2011 3:42pm — Mike Masnick

We've talked about some massive data breaches in the past, but a recent hack attack in South Korea apparently resulted in personal information on 35 million people being copied. The country has a population somewhere around 49 million... meaning that over 70% of South Koreans had their personal info copied by someone. Authorities are blaming China, though it's not clear if that's really the case. Either way, whoever did the hack got "user IDs, passwords, social security numbers, names, mobile phone numbers and email addresses." At least the SSNs and passwords were encrypted, so it's not quite as bad as it could have been. But it basically sounds like if you have internet access in South Korea, someone probably got your data.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data, hack, personal information, south korea

12 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

blaktron (profile), 29 Jul 2011 @ 3:47pm

We sure do need more data retention, don't want to make it TOO hard for the scammers....
[ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 4:18pm

South Korea uses SSN's too?
[ link to this | view in chronology ]
- Anonymous Coward, 29 Jul 2011 @ 4:25pm
  
  Re:
  Those were 35 million of US citizens visiting :)
  [ link to this | view in chronology ]
- Liz, 29 Jul 2011 @ 4:58pm
  
  Re:
  South Korea uses SSN's too?
  
  A lot of services online can't be used unless you have a SSN in South Korea. From banking to video games. It's one way for them to ensure that their systems accept only regional access or restrict access to their citizens.
  [ link to this | view in chronology ]
- Billy, 24 Aug 2011 @ 7:40am
  
  Re: SSN's
  Yes - http://www.ssa.gov/international/links.html
  [ link to this | view in chronology ]
Anonymous Coward, 29 Jul 2011 @ 4:28pm

> Hackers purportedly attacked popular Internet and social media sites Nate and Cyworld earlier this week, stealing data such as social security numbers and email addresses

Why the hell would social media site have your SSN?

> alleged the attack originated from computers in China based on their Internet Protocol addresses

Um... How does that indicate the attacker, again? China is the #1 favorite location for bounce boxes (i.e. hacked computers you SSH to and use *them* to do the hacking, so to cover your traces).
[ link to this | view in chronology ]
- Anonymous Coward, 29 Jul 2011 @ 7:38pm
  
  Re:
  Korea's version of the SSN, the Resident Registration Number, is required to apply for many services available on the internet to Koreans. It would actually be very uncommon by Korean standards for a social network not to require a RRN for registration.
  [ link to this | view in chronology ]
Hothmonster, 29 Jul 2011 @ 4:39pm

I cant wait till our isps are holding all that info in a nice little package too
[ link to this | view in chronology ]
- Anonymous Coward, 29 Jul 2011 @ 6:04pm
  
  Re:
  And THAT is the worst part of the shameful bill rammed through today. It's inevitable that information like this will be acquired by third parties. So put aside for a moment the worries about what government will do with it: imagine what blackmailers, pedophiles, identity thieves will do with it.
  
  And they WILL get it. It has value, therefore someone will be willing to hack it for the right price.
  
  We need data protection laws that stipulate the death penalty for those who fail. That's the only thing that will convince people to put adequate security in place.
  [ link to this | view in chronology ]
  - The eejit (profile), 29 Jul 2011 @ 11:49pm
    
    Re: Re:
    I wouldn't say the death penalty, but a fine appropriate to your size. So if, say, Sony had a breach nd didn't tell you about it, they'd lose $40m. But if a small business lost it, they would only be fined a few g's.
    [ link to this | view in chronology ]
    - Anonymous Coward, 30 Jul 2011 @ 3:04am
      
      Re: Re: Re:
      $40M to Sony? Insignificant. Besides, they'd fight it in court, spending $100M if necessary to avoid paying it.
      
      No, I would prefer to see the CEO publicly beheaded as punishment for the breaches. I think that would "inspire" them to work just a little harder to keep data private.
      [ link to this | view in chronology ]
- Anonymous Coward, 30 Jul 2011 @ 7:28pm
  
  Re:
  VPN
  [ link to this | view in chronology ]