Personal info of 35 mil. Nate, Cyworld users feared leaked

By Yoon Ja-young

SK Communications, which operates Cyworld, the country’s most popular social networking site, issued an alert Thursday after its network was hacked into by criminals, who appear to have stolen the personal information of more than 35 million users.

The Korea Communications Commission (KCC) said the incident at the company, which also runs the popular web portal Nate, is the country’s biggest data breach case ever.

“SK Communications found out early this morning and informed the commission. They also requested a police investigation,” said a spokesman for the regulator.

According to SK Communications, the hackers accessed its system using an Internet protocol (IP) address based in China. Names, usernames, e-mail addresses, phone numbers, as well as resident registration numbers and passwords of the customers, both of which were encoded to protect personal information, have been leaked.

“Nate has 33 million users, and Cyworld has 25 million. The number of users for the two sites totals 35 million when excluding overlaps. We are not sure how many of them were hacked, but we estimate the information for almost all of them has been compromised,” the spokesman said, when asked exactly how many victims there were.

A series of hacking incidents have plagued the nation of late. Auction, an online open market, had private information of over 10 million users stolen in February 2008, followed by a leak at GS Caltex in the same year. More recently, Shinsegae Mall had the information of 20 million clients stolen last year, and Hyundai Capital had critical information such as passwords and credit ratings taken.

“Unlike previous incidents, this one is notable as we expect portals to have a very high level of security. Moreover, SK Communications is the operator of one of the country’s three biggest portals,” the spokesman said.

Voice phishing to surge

SK announced that it had blocked access to its system from China based IPs. It is also asking users to change their passwords. “The resident registration number and passwords were encoded with the highest level of technology. They are safe,” a representative for SK Communications said.

If hackers succeed in decoding them, however, the damage could be huge. Nateon, a messenger service, is linked with mobile phones, and hackers could look into text messages of its users. Messenger phishing was also rampant at Nateon, where people were duped by those disguising themselves as their friends on messenger and sent them money.

The regulator said that the biggest concern for now is voice phishing. “As the phone numbers got hacked, voice phishing could surge using this information. As e-mail addresses were also exposed, spam mail could increase,” the spokesman said. Using the phone number, the voice phishing scammers make a phone call to the victim, posing as police, bank officials or even kidnappers, duping them to send money to fraudulent accounts. The victims often get duped as the scammers have much of their personal information.

The regulator advised people to change passwords not only for Nate and Cyworld but also for other sites if they use the same username and passwords.

“We sincerely apologize to our customers for the scandal,” said Joo Hyung-chul, the chief executive of SK Communications. “We will take all measures to prevent a recurrence of such an incident and minimize the damage to customers, and we will fully cooperate with the investigation to find out how it took place and to retrieve customer information,” he said.