3 min read

Online gaming data breach affects millions in South Korea

Graham CLULEY

August 26, 2014

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Online gaming data breach affects millions in South Korea

South Koreans must handle the consequences of yet another enormous data breach, this time from online gaming.

A staggering three-quarters of the entire South Korean population was affected, with ages ranging from 15 to 65. It would be an impressive enough statistic to learn that three-quarters of South Koreans are involved in some sort of online gaming platform to begin with, but this data breach stretches beyond that.

Korea JoongAng Daily reports authorities have already made 16 arrests related to the leak. A 24-year-old man with the surname Kim is apparently suspected as a key player in the illegal receipt of over 220 million identifying pieces of information. Kim handled names, account names and passwords, and even residential registration numbers, all of which he received from a Chinese hacker he met – you guessed it – in an online game.

Kim appears to have largely dealt in online game currency, using a password extractor to automate the login process with his sizable cache of account data. You have to admire his persistence; when the extractor was not sufficient to gain access into accounts, Kim purchased identifying information from a mobile phone vendor in order to manually reset their passwords. Kim gained nearly $400,000 from six online games and shared just under $130,000 to his Chinese hacking partner.

Korean law enforcement suspects Kim of selling this illicit information to mortgage fraud swindlers and low-level gambling advertisers. Although he only sold them for as much as 30 cents per data item, police estimate the secondary damages amount to about $2 million. The mortgage fraudsters managed to use Kim`s information to deceive hundreds of Koreans for over a year from 2012 – 2013.

Although Kim and his hacking partner in China seem to be getting most of the credit for this massive data breach, the roles of the other fifteen arrested are not yet known. In fact, it appears a good deal about this story is still not yet known. Authorities are endeavoring to pin down how these enormous amounts of illegal information were circulated and are still hunting at least seven other suspects (including Kim`s partner).

This is hardly the first time Koreans have suffered due to online security breaches. In 2011, hackers managed to infiltrate South Korea`s most popular social networking sites. Those hackers stole data from 35 million Koreans involved with Nate and the Sims-like Cyworld.

If three-quarters of the population today seems like a staggering amount of plugged-in citizens, consider that Nate and Cyworld commanded the attention of 35 million people in a country with 49 million residents. It`s a similar percentage, and a similar story: then, like now, hackers from China played a prominent role, and it was the unsuspecting Koreans who had to front the damage.

I have written in the past that it is the Korean citizens who must handle the burden of insufficiently secure services. Social networks and games aren`t the only targets. This past January, an IT contractor for the Korea Credit Bureau was arrested for copying and selling the personal credit card information of almost 20 million Koreans. The chief executives publicly apologized and promptly resigned, although that was probably a small relief to the half of the Korean population whose financial data had been exposed.

Nobody has heard anything as of yet from any of Korea`s online gaming services. Although not much is known about the details of the breach itself, a simple password extractor should not be enough to hack into a large-scale gaming platform.

While security professionals love to write about password security and how individuals can protect themselves, the onus is on the company to provide a safe and secure online environment for their gamers.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read
Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials
Silviu STAHIE

September 30, 2022

1 min read
North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find
Silviu STAHIE

September 30, 2022

1 min read