{"id":15268,"date":"2025-12-05T03:37:13","date_gmt":"2025-12-05T03:37:13","guid":{"rendered":"https:\/\/newestek.com\/?p=15268"},"modified":"2025-12-05T03:37:13","modified_gmt":"2025-12-05T03:37:13","slug":"coupang-breach-of-33-7-million-accounts-allegedly-involved-engineer-insider","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15268","title":{"rendered":"Coupang breach of 33.7 million accounts allegedly involved engineer insider"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<p>A prolonged lack of management of valid authentication keys for signed access tokens issued to authenticators is believed to be the root cause of over 30 million accounts being exposed externally by ecommerce giant Coupang. Ongoing analysis suggests that these keys could have been exploited even after the responsible employee left the company.<\/p>\n<p>On Nov. 29, Coupang <a href=\"https:\/\/news.coupang.com\/archives\/58849\/\" target=\"_blank\" rel=\"noreferrer noopener\">released a statement<\/a> confirming the unauthorized exposure of personal information from approximately 4,500 accounts on Nov. 18. The company also noted that the breach had been reported to the National Police Agency, the Korea Internet &amp; Security Agency, and the Personal Information Protection Commission. Subsequent investigations, however, revealed that the damage involved approximately 33.7 million accounts.<\/p>\n<p>Leaked information included names, email addresses, shipping address lists, and some order information. Coupang stated that payment information, credit card numbers, and login information were not included. 
It is believed that unauthorized access occurred via overseas servers starting on June 24, 2025. The company also stated that it is currently cooperating with relevant authorities to investigate the cause of the breach.<\/p>\n<p><a href=\"https:\/\/www.msit.go.kr\/bbs\/view.do?sCode=user&amp;mPid=208&amp;mId=307&amp;bbsSeqNo=94&amp;nttSeqNo=3186554\" target=\"_blank\" rel=\"noreferrer noopener\">The Ministry of Science and ICT, the Seoul Metropolitan Police Agency, and other relevant agencies conducted<\/a>\u00a0an on-site investigation after receiving a report of a breach on Nov. 19 and a report of a personal information leak on Nov. 20. The investigation confirmed that the attacker exploited an authentication vulnerability in Coupang\u2019s servers, bypassing the normal login process and leaking customer information.<\/p>\n<p>The government launched a joint public-private investigation team on Nov. 30, and the Personal Information Protection Commission is investigating whether Coupang violated its personal information protection safety measures \u2014 access control, access authority management, encryption, etc. As a service with such a high user base that it\u2019s often called the \u201cAmazon of Korea,\u201d Coupang issued a public security notice on Nov. 29 to prevent secondary damage. Furthermore, a three-month period, starting Nov. 30, will be dedicated to strengthening the monitoring of personal information leaks and illegal distribution online.<\/p>\n<p>Meanwhile, Choi Min-hee, Chairwoman of the National Assembly Science, ICT, Broadcasting and Communications Committee, released the results of an analysis of the specific causes of the incident in a press release on Nov. 30. 
According to information received from Coupang, the company reportedly responded that \u201cthe token signing key validity period is often set to 5 to 10 years,\u201d adding that \u201cthe rotation period is long and varies greatly depending on the key type.\u201d<\/p>\n<p>Chairman Choi\u2019s side explained this incident using an analogy to an access control system. If the \u201ctoken\u201d required for login is a single-use access card, the \u201csignature key\u201d is like the authentication stamp used to issue the access card. While access is impossible without the authentication stamp, even with the access card, if the signature key is left unattended for an extended period, it can be subject to continued exploitation.<\/p>\n<p>According to Rep. Choi Min-hee\u2019s office, Coupang\u2019s login system is designed to immediately discard tokens after they are created, but the signature information required for token creation was deleted or not updated when the employee in charge left the company, and was thus exploited by internal employees.<\/p>\n<p>In a press release, Chairman Choi Min-hee stated, \u201cCoupang did not follow the most basic internal security procedure of renewing the signing key,\u201d and \u201cAbandoning a long-term valid authentication key was not simply a deviation by an internal employee, but the result of organizational and structural problems at Coupang that neglected the authentication system.\u201d<\/p>\n<p>Victims of this breach have been notified via email or text message. Related information\u00a0can also be found on a separate\u00a0<a href=\"https:\/\/mc.coupang.com\/ssr\/desktop\/faqlist\" target=\"_blank\" rel=\"noreferrer noopener\">information page.<\/a><\/p>\n<p>Coupang CEO Park Dae-joon\u00a0<a href=\"https:\/\/news.coupang.com\/archives\/58857\/\" target=\"_blank\" rel=\"noreferrer noopener\">issued a separate statement<\/a>\u00a0on Nov. 
30, saying, \u201cWe sincerely apologize for causing great inconvenience and concern to the public,\u201d and \u201cCoupang will do its best to prevent further damage by closely cooperating with the joint public-private investigation team including the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet &amp; Security Agency, and the National Police Agency.\u201d<\/p>\n<p>South Korean President Lee Jae Myung this week referenced the data breach at Coupang in <a href=\"https:\/\/www.reuters.com\/sustainability\/boards-policy-regulation\/south-koreas-lee-calls-tougher-penalties-after-coupang-data-breach-2025-12-02\/\">calling for increased penalties for corporate negligence<\/a> in such scenarios. The breach is believed to be the worst in South Korea in over a decade. Bloomberg reports that the breach may be a <a href=\"https:\/\/www.bloomberg.com\/news\/newsletters\/2025-12-03\/coupang-breach-is-poised-to-be-a-landmark-case-for-south-korea\">landmark case for South Korea<\/a>. It could result in a record fine, <a href=\"https:\/\/en.yna.co.kr\/view\/AEN20251204006900315\">potentially up to 1.2 trillion won (US$814M)<\/a>.<\/p>\n<p>The <a href=\"https:\/\/www.koreaherald.com\/article\/10629826\">prime suspect is a former Coupang engineer<\/a> who had worked on authentication systems. The police are investigating whether the former employee acted alone or collaborated with others on the breach.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A prolonged lack of management of valid authentication keys for signed access tokens issued to authenticators is believed to be the root cause of over 30 million accounts being exposed externally by ecommerce giant Coupang. Ongoing analysis suggests that these keys could have been exploited even after the responsible employee left the company. On Nov. 
29, Coupang released a statement confirming the unauthorized exposure of&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15268\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15268","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15268","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15268"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15268\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15268"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15268"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15268"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}