The Korea Times close
National
  • Politics
  • Foreign Affairs
  • Multicultural Community
  • Defense
  • Environment & Animals
  • Law & Crime
  • Society
  • Health & Science
Business
  • Tech
  • Bio
  • Companies
Finance
  • Companies
  • Economy
  • Markets
  • Cryptocurrency
Opinion
  • Editorial
  • Columns
  • Thoughts of the Times
  • Cartoon
  • Today in History
  • Blogs
  • Tribune Service
  • Blondie & Garfield
  • Letter to President
  • Letter to the Editor
Lifestyle
  • Travel & Food
  • Trends
  • People & Events
  • Books
  • Around Town
  • Fortune Telling
Entertainment
& Arts
  • K-pop
  • Films
  • Shows & Dramas
  • Music
  • Theater & Others
Sports
World
  • SCMP
  • Asia
Video
  • Culture
  • People
  • News
Photos
  • Photo News
  • Darkroom
  • The Korea Times
  • search
  • Site Map
  • E-paper
  • Subscribe
  • Register
  • LogIn
search close
  • The Korea Times
  • search
  • Site Map
  • E-paper
  • Subscribe
  • Register
  • LogIn
search close
National
  • Politics
  • Foreign Affairs
  • Multicultural Community
  • Defense
  • Environment & Animals
  • Law & Crime
  • Society
  • Health & Science
Mon, August 8, 2022 | 09:57
Business
Asiana Airlines' customer database left unsecured since 2013
Posted : 2016-07-22 11:09
Updated : 2016-07-23 09:31
Print Preview
Font Size Up
Font Size Down
/ Korea Times file
/ Korea Times file

Login records between Jan. 2013 and Aug. 2014 unable to retrieve


By Park Si-soo, Lee Han-soo

Asiana Airlines' website server for the FAQ section has been left unsecured since January 2013, Korea Communications Commission (KCC) investigators said.


Previously, the nation's second-largest airline claimed only customer data entered since May 2015 had been vulnerable. Asiana issued the statement with that date following a report by The Korea Times on its compromised web security, which revealed an estimated 47,000 private documents of customers were improperly protected from unauthorized web access.

In line with its internal rules, the company had been deleting login records on the server between January 2013 and August 2014, making it impossible to trace server activity during the period.

Asiana and investigators from the KCC and the Korea Internet and Security Agency (KISA) said there were only two IP addresses -- one from The Korea Times and the other from a computer expert living overseas who informed the newspaper of the breach -- that extensively accessed the exposed data saved on the server during the retrievable period.

[EXCLUSIVE] Asiana Airlines' customer database leaked on Internet
[EXCLUSIVE] Asiana Airlines' customer database leaked on Internet
2016-07-18 10:33  |  Companies

The airline ruled out the possibility that any of the unsecured data was accessed by anyone with malicious intent.

"We have found no suspicious traces of activities on the server after August 2014, but my concern is what happened before then," said a KCC official.

The two regulators are focusing their investigation on 47,023 private documents of passengers saved during the retrievable period. But they are left helpless when it comes to investigating the "deleted period" that could have contained more documents than those retrievable, as the vulnerable documents and any visitor IP addresses have both since been deleted.

"The FAQ section reopened in 2013 after a renovation and it has been left unsecured since then," said the KCC official. "This means the website was relaunched with critical loopholes."

The unprotected information includes citizen resident numbers, passport information, home addresses, bank account details, phone numbers and family relations records. It compromises Koreans and foreigners who traveled or will travel using Asiana or its affiliated airlines, such as United Airlines, Lufthansa, Thai Airways, Singapore Airlines and Scandinavian Airlines, among others.

Regarding suspicions that maliciously minded insiders could have intentionally left the security loopholes unplugged, an investigator said "if that were the case, they would have targeted Asiana's main server containing information about millions of passengers."

It will take a couple of months for the ongoing investigation to be completed, said investigators.

Meanwhile, Asiana has beefed up its website security following the Times' report and issued a letter of apology to nearly 100 passengers whose private documents were accessed by this newspaper. The Korea Times has deleted all documents it downloaded during a pre-reporting exploration of the server.



Emailpss@ktimes.com Article ListMore articles by this reporter
 
LG
  • Citizens excited about refurbished Gwanghwamun Square
  • [INTERVIEW] 'Taiwan is part of China,' says Chinese ambassador
  • DSME hit with $970-million lawsuit from Japanese oil company
  • The fate of Sontag Hotel
  • Hyundai aims to develop own automotive semiconductors
  • Gov't considers slashing tariffs on imported produce ahead of Chuseok
  • KAI, Hanwha, SK, Hyundai Rotem contribute to Danuri project
  • Woori Bank to invest $7.7 million in 10 promising startups
  • 'Gov't should help manufacturers digitize fast to overcome global supply chain risks'
  • Envoy wary of creating Asian version of NATO
  • Interactive News
  • With tough love,
  • 'Santa dogs' help rebuild burnt forests in Andong
  • 'Santa dogs' help rebuild burnt forests in Andong
    • Brad Pitt to visit Korea to promote new film 'Bullet Train' Brad Pitt to visit Korea to promote new film 'Bullet Train'
    • [INTERVIEW] Jung Woo-sung was initially hesitant to take on role in 'Hunt' [INTERVIEW] Jung Woo-sung was initially hesitant to take on role in 'Hunt'
    • Hallyu research should be conducted beyond Korean perspective: scholars Hallyu research should be conducted beyond Korean perspective: scholars
    • 'The Red Sleeve' director debuts new thriller 'The Red Sleeve' director debuts new thriller
    • OTT platforms struggle amid declining number of users OTT platforms struggle amid declining number of users
    DARKROOM
    • Ice is melting, land is burning

      Ice is melting, land is burning

    • Tottenham 6-3 Team K League

      Tottenham 6-3 Team K League

    • Afghanistan earthquake killed more than 1,000

      Afghanistan earthquake killed more than 1,000

    • Divided America reacts to overturn of Roe vs. Wade

      Divided America reacts to overturn of Roe vs. Wade

    • Namaste: Yogis to celebrate International Yoga Day

      Namaste: Yogis to celebrate International Yoga Day

    The Korea Times
    CEO & Publisher : Oh Young-jin
    Digital News Email : webmaster@koreatimes.co.kr
    Tel : 02-724-2114
    Online newspaper registration No : 서울,아52844
    Date of registration : 2020.02.05
    Masthead : The Korea Times
    Copyright © koreatimes.co.kr. All rights reserved.
    • About Us
    • Introduction
    • History
    • Location
    • Media Kit
    • Contact Us
    • Products & Service
    • Subscribe
    • E-paper
    • Mobile Service
    • RSS Service
    • Content Sales
    • Policy
    • Privacy Statement
    • Terms of Service
    • 고충처리인
    • Youth Protection Policy
    • Code of Ethics
    • Copyright Policy
    • Family Site
    • Hankook Ilbo
    • Dongwha Group