The Ministry of Science and ICT, the Seoul Metropolitan Police Company, and different related companies performed an on-site investigation after receiving a report of a breach on Nov. 19 and a report of a private data leak on Nov. 20. The investigation confirmed that the attacker exploited an authentication vulnerability in Coupang’s servers, bypassing the traditional login course of and leaking buyer data.
The federal government launched a joint public-private investigation workforce on Nov. 30, and the Private Data Safety Fee is investigating whether or not Coupang violated its private data safety security measures — entry management, entry authority administration, encryption, and many others. As a service with such a excessive person base that it’s usually referred to as the “Amazon of Korea,” Coupang issued a public security discover on Nov. 29 to stop secondary harm. Moreover, a three-month interval, beginning Nov. 30, shall be devoted to strengthening the monitoring of private data leaks and unlawful distribution on-line.
In the meantime, Choi Min-hee, Chairwoman of the Nationwide Meeting Science, ICT, Broadcasting and Communications Committee, launched the outcomes of an evaluation of the precise causes of the incident in a press launch on Nov. 30. In keeping with data acquired from Coupang, the corporate reportedly responded that “the token signing key validity interval is commonly set to five to 10 years,” including that “the rotation interval is lengthy and varies enormously relying on the important thing sort.”
