By Na Jeong-ju
A “top-class” hacker based in China was behind the recent attack on popular websites, Nate and Cyworld, and theft of personal information of some 35 million users in the cyber assault, police said Thursday.
Announcing the result of an initial investigation of the case, police said the unknown hacker implanted malicious codes into update files of anti-virus programs installed in the computers of SK Communications, the operator of the two sites, and then gained an ID and password to access the database of user information in late July.
“As a result, the personal information of 35 million users was relayed to a Chinese Internet Protocol address through an external server,” said an official from the police’s cyber terror response center.
“The stolen information includes names, resident registration numbers, birthdates, phone numbers, addresses and e-mail addresses, which can be used for other crimes.”
SK Communications said a hacker broke into its servers and stole user data after reporting the attack to police on July 28. Since then, police have looked into 40 computers belonging to the firm and Est Soft, which made the anti-virus software.
The hacker seems to have targeted only SK Communications servers, and no individual computers were attacked, the official said.
“We will seek cooperation from the Chinese police to catch the hacker and to retrieve the stolen personal information,” he said.
According to the Korea Communications Commission, the hacking was the country’s biggest data breach case ever. Nate has 33 million users, and Cyworld has 25 million. The number of users for the two sites totals 35 million when excluding overlaps.
A series of hacking incidents have plagued the nation of late. Auction, an online open market, had private information of over 10 million users stolen in February 2008, followed by a leak at GS Caltex in the same year. More recently, the information of 20 million Shinsegae Mall clients were stolen last year, and Hyundai Capital had critical data such as passwords and credit ratings compromised.
Angry Nate and Cyworld users are now planning to file class-action against SK Communications.
Last week, the Seoul Central District Court said a 40-year-old lawyer filed a lawsuit against the firm on July 29, demanding the company pay him 3 million won in compensation for psychological damage he suffered as a result of the leakage of his private information.
In a petition, the lawyer, who identified himself as a Nate user, claimed that the company failed to protect the personal information of its customers, despite its duties under the nation’s Information and Telecommunication Act, and Telecommunication Secret Protection Act.