my timesThe Korea Times
  1. Business
  2. Tech & Science

LG Uplus agrees to report suspected cyber breach

Listen
By Lee Gyu-lee
  • Published KST
LG Uplus CEO Hong Bum-shik, left, speaks during a parliamentary audit session at the National Assembly in Seoul, Tuesday. Yonhap

LG Uplus CEO Hong Bum-shik, left, speaks during a parliamentary audit session at the National Assembly in Seoul, Tuesday. Yonhap

LG Uplus, after initially denying it had suffered a cyberattack, has reversed its stance and will formally report a suspected hacking incident to authorities amid growing concerns over leaked internal data, its CEO said, Tuesday.

During a parliamentary audit session at the National Assembly in Seoul, CEO Hong Bum-shik confirmed that LG Uplus would formally report the hacking incident to the cybersecurity watchdog, the Korea Internet & Security Agency (KISA).

“Our understanding was that reports should be filed after confirming an actual cyber breach,” Hong said. “However, given the growing confusion and misunderstanding, we plan to take a more proactive stance.”

In August, the telecom company faced mounting scrutiny after global cybersecurity journal Phrack Magazine reported that two anonymous white-hat hackers had obtained eight gigabytes of leaked data from an attacker suspected to be affiliated with the North Korean hacker group Kimsuky.

The leaked data allegedly includes LG Uplus’ information from 8,938 servers, 42,526 user accounts and 167 employees.

KISA detected signs of hacking as early as July and advised LG Uplus to file a breach report, but the company refused at the time, saying that there was no evidence that data had been compromised. The Ministry of Science and ICT later launched an on-site investigation, which is currently underway.

“None of the alleged data leak is related to customers’ personal information,” the company’s official told The Korea Times, after Phrack’s report prompted calls for an investigation into the company.

Rep. Lee Hai-min of the minor Rebuilding Korea Party pointed out that the company’s internal analysis of its account and access management system uncovered eight security vulnerabilities. These included one that potentially allowed access to the system via mobile by entering 111111 during the two-factor authentication process and manipulating specific memory values.

The LG Uplus homepage had a backdoor that allowed access to the admin page without any additional authentication, and the source code contained a plain text three-digit password for connecting to the backdoor, as well as unencrypted passwords used for account management.

“Leaving passwords unencrypted and exposed directly in the source code is like writing the combination on a sticky note and putting it on the outside of a safe,” Lee said. “This reflects a serious lack of cybersecurity awareness more than a technical issue.”