South Korea Probes Worst Coupang Data Breach In A Decade

The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers.

South Korean police said Monday they are tracking IP addresses and examining potential security weaknesses at Coupang after the e-commerce giant experienced the country’s most significant data breach in more than ten years.

Security Failure

The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers, though the company did not learn of the problem until November 18.

South Korea’s Science Minister Bae Kyung-hoon said on Sunday that the perpetrator had “abused authentication vulnerabilities” in Coupang’s servers, adding that authorities would be investigating whether the company violated rules regarding the protection of personal information.

Coupang, which is backed by Japan’s SoftBank Group, has said the breach exposed customers’ names, email addresses, phone numbers, shipping addresses and certain order histories, but not payment details or login credentials.

Suspicion of China’s Involvement

Broadcaster JTBC has reported that after conducting an internal investigation, Coupang suspects that a Chinese former employee, who was responsible for authentication tasks, was a key figure in the data breach.

A former employee used their authentication key that was still active after the termination of the person’s contract to get access to customer information, lawmak

Source: https://stratnewsglobal.com/asia/south-korea/south-korea-probes-worst-coupang-data-breach-in-a-decade/

Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang

"id": "COU1764583559",
"linkid": "coupang",
"type": "Breach",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '33,000,000+',
                                     'industry': 'Retail',
                                     'location': 'South Korea',
                                     'name': 'Coupang',
                                     'size': 'Large (33M+ customers affected)',
                                     'type': 'E-commerce'}],
              'attack_vector': 'Abuse of authentication vulnerabilities via '
                               'active authentication key of a former employee',
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': 'Yes (via overseas servers)',
                              'file_types_exposed': None,
                              'number_of_records_exposed': '33,000,000+',
                              'personally_identifiable_information': ['names',
                                                                      'email '
                                                                      'addresses',
                                                                      'phone '
                                                                      'numbers',
                                                                      'shipping '
                                                                      'addresses'],
                              'sensitivity_of_data': 'High (PII but no payment '
                                                     'details or login '
                                                     'credentials)',
                              'type_of_data_compromised': ['personal '
                                                           'identifiable '
                                                           'information (PII)',
                                                           'order histories']},
              'date_detected': '2023-11-18',
              'date_publicly_disclosed': '2023-11-20',
              'description': 'The personal data of more than 33 million '
                             'Coupang customers was leaked in a breach '
                             'believed to have started on June 24 through '
                             'overseas servers. The breach was discovered on '
                             'November 18. The perpetrator, suspected to be a '
                             'former Chinese employee, abused authentication '
                             'vulnerabilities to access customer information, '
                             'including names, email addresses, phone numbers, '
                             'shipping addresses, and order histories. Payment '
                             'details and login credentials were not exposed.',
              'impact': {'brand_reputation_impact': 'Significant (largest data '
                                                    'breach in South Korea in '
                                                    'over a decade)',
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': ['names',
                                              'email addresses',
                                              'phone numbers',
                                              'shipping addresses',
                                              'order histories'],
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': 'High (personal data of 33M+ '
                                                'customers exposed)',
                         'legal_liabilities': 'Potential violation of personal '
                                              'information protection rules '
                                              '(under investigation)',
                         'operational_impact': None,
                         'payment_information_risk': 'None (payment details '
                                                     'not compromised)',
                         'revenue_loss': None,
                         'systems_affected': ["Coupang's customer database "
                                              'servers']},
              'initial_access_broker': {'backdoors_established': None,
                                        'data_sold_on_dark_web': None,
                                        'entry_point': 'Active authentication '
                                                       'key of a former '
                                                       'employee',
                                        'high_value_targets': 'Customer '
                                                              'database (PII '
                                                              'and order '
                                                              'histories)',
                                        'reconnaissance_period': None},
              'investigation_status': 'Ongoing (police tracking IP addresses, '
                                      'examining security weaknesses)',
              'post_incident_analysis': {'corrective_actions': None,
                                         'root_causes': 'Authentication '
                                                        'vulnerabilities; '
                                                        'failure to deactivate '
                                                        "former employee's "
                                                        'access credentials'},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': 'Yes (via overseas servers)',
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': None},
              'references': [{'date_accessed': None,
                              'source': 'JTBC (South Korean broadcaster)',
                              'url': None},
                             {'date_accessed': None,
                              'source': 'South Korean Police and Science '
                                        'Ministry statements',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': 'Investigation '
                                                         'ongoing by South '
                                                         'Korean authorities',
                                        'regulations_violated': 'Potential '
                                                                'violation of '
                                                                'South Korean '
                                                                'personal '
                                                                'information '
                                                                'protection '
                                                                'rules (under '
                                                                'investigation)',
                                        'regulatory_notifications': 'Disclosed '
                                                                    'by South '
                                                                    'Korea’s '
                                                                    'Science '
                                                                    'Minister '
                                                                    'and '
                                                                    'police'},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': 'Public disclosure by '
                                                     'South Korean authorities '
                                                     'and Coupang',
                           'containment_measures': None,
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': 'Yes (internal '
                                                               'investigation '
                                                               'conducted)',
                           'law_enforcement_notified': 'Yes (South Korean '
                                                       'police involved)',
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': None,
                           'third_party_assistance': None},
              'threat_actor': 'Former Chinese employee (suspected)',
              'title': 'Coupang Data Breach Exposes 33 Million Customer '
                       'Records',
              'type': 'Data Breach',
              'vulnerability_exploited': 'Authentication vulnerabilities in '
                                         "Coupang's servers"}