3 min read

Online gaming data breach affects millions in South Korea

Graham CLULEY

August 26, 2014

Online gaming data breach affects millions in South Korea

South Koreans must handle the consequences of yet another enormous data breach, this time from online gaming.

A staggering three-quarters of the entire South Korean population was affected, with ages ranging from 15 to 65. It would be an impressive enough statistic to learn that three-quarters of South Koreans are involved in some sort of online gaming platform to begin with, but this data breach stretches beyond that.

Korea JoongAng Daily reports authorities have already made 16 arrests related to the leak. A 24-year-old man with the surname Kim is apparently suspected as a key player in the illegal receipt of over 220 million identifying pieces of information. Kim handled names, account names and passwords, and even residential registration numbers, all of which he received from a Chinese hacker he met – you guessed it – in an online game.

Kim appears to have largely dealt in online game currency, using a password extractor to automate the login process with his sizable cache of account data. You have to admire his persistence; when the extractor was not sufficient to gain access into accounts, Kim purchased identifying information from a mobile phone vendor in order to manually reset their passwords. Kim gained nearly $400,000 from six online games and shared just under $130,000 to his Chinese hacking partner.

Korean law enforcement suspects Kim of selling this illicit information to mortgage fraud swindlers and low-level gambling advertisers. Although he only sold them for as much as 30 cents per data item, police estimate the secondary damages amount to about $2 million. The mortgage fraudsters managed to use Kim`s information to deceive hundreds of Koreans for over a year from 2012 – 2013.

Although Kim and his hacking partner in China seem to be getting most of the credit for this massive data breach, the roles of the other fifteen arrested are not yet known. In fact, it appears a good deal about this story is still not yet known. Authorities are endeavoring to pin down how these enormous amounts of illegal information were circulated and are still hunting at least seven other suspects (including Kim`s partner).

This is hardly the first time Koreans have suffered due to online security breaches. In 2011, hackers managed to infiltrate South Korea`s most popular social networking sites. Those hackers stole data from 35 million Koreans involved with Nate and the Sims-like Cyworld.

If three-quarters of the population today seems like a staggering amount of plugged-in citizens, consider that Nate and Cyworld commanded the attention of 35 million people in a country with 49 million residents. It`s a similar percentage, and a similar story: then, like now, hackers from China played a prominent role, and it was the unsuspecting Koreans who had to front the damage.

I have written in the past that it is the Korean citizens who must handle the burden of insufficiently secure services. Social networks and games aren`t the only targets. This past January, an IT contractor for the Korea Credit Bureau was arrested for copying and selling the personal credit card information of almost 20 million Koreans. The chief executives publicly apologized and promptly resigned, although that was probably a small relief to the half of the Korean population whose financial data had been exposed.

Nobody has heard anything as of yet from any of Korea`s online gaming services. Although not much is known about the details of the breach itself, a simple password extractor should not be enough to hack into a large-scale gaming platform.

While security professionals love to write about password security and how individuals can protect themselves, the onus is on the company to provide a safe and secure online environment for their gamers.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux
Filip TRUȚĂ

August 05, 2021

1 min read
Google Drops All Support for Android 2.3.7 and Older Google Drops All Support for Android 2.3.7 and Older
Silviu STAHIE

August 04, 2021

1 min read
A Heads-Up on Stalkerware, the Wolf Software in Sheep’s Clothing A Heads-Up on Stalkerware, the Wolf Software in Sheep’s Clothing
Silviu STAHIE

August 03, 2021

4 min read