Coupang, a South Korean e-commerce giant, suffered a **data breach** in which unauthorized access to **4,536 customer accounts** went undetected for **12 days** (from November 6 to November 18). The breach was caused by the exploitation of **signed access tokens**, which allowed attackers to view sensitive customer data, including **names, phone numbers, shipping addresses, and the five most recent orders**. The company failed to detect the intrusion promptly and delayed notifying affected customers, raising concerns about its cybersecurity measures. Although Coupang revoked the compromised tokens and reported the incident within the **24-hour legal deadline**, the prolonged exposure of personal data has drawn criticism of its **detection capabilities and transparency**. Regulatory bodies, including the **Ministry of Science and ICT, KISA, and the Personal Information Protection Commission**, are investigating the breach’s cause and impact. The incident highlights vulnerabilities in **authentication mechanisms** and underscores the risks of **unauthorized data access** in large-scale digital platforms.
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU4132641112125",
"linkid": "coupang",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '4,536',
                        'industry': 'retail',
                        'location': 'South Korea',
                        'name': 'Coupang',
                        'type': 'e-commerce'}],
 'attack_vector': 'exploitation of signed access token',
 'customer_advisories': ['text message notification to affected customers'],
 'data_breach': {'number_of_records_exposed': '4,536',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'moderate (PII including names, phone '
                                        'numbers, addresses)',
                 'type_of_data_compromised': ['personal information',
                                              'order history',
                                              'delivery addresses']},
 'date_detected': '2023-11-18T22:52:00',
 'date_publicly_disclosed': '2023-11-18',
 'description': 'Coupang failed to detect a data breach that exposed the '
                'personal information of more than 4,500 customers for over 10 '
                'days. Unauthorized access to user accounts occurred on '
                'November 6, 2023, at 6:38 p.m., but the breach was not '
                'detected until 12 days later, on November 18, 2023, at 10:52 '
                'p.m. The compromised data included the five most recent '
                'orders and delivery address book entries (names, phone '
                'numbers, and shipping addresses). The breach was attributed '
                'to the exploitation of a signed access token. Coupang revoked '
                'the signature key information and enhanced detection rules to '
                'prevent further unauthorized access.',
 'impact': {'brand_reputation_impact': 'criticism for delayed detection and '
                                       'disclosure',
            'data_compromised': ['names',
                                 'phone numbers',
                                 'shipping addresses',
                                 'five most recent orders',
                                 'delivery address book entries'],
            'identity_theft_risk': 'potential (due to exposed PII)',
            'legal_liabilities': 'investigation by Ministry of Science and '
                                 'ICT, KISA, and Personal Information '
                                 'Protection Commission',
            'systems_affected': ['user account profiles']},
 'initial_access_broker': {'entry_point': 'exploited signed access token',
                           'high_value_targets': ['user account profiles']},
 'investigation_status': 'ongoing (by Ministry of Science and ICT, KISA, and '
                         'Personal Information Protection Commission)',
 'post_incident_analysis': {'corrective_actions': ['revoked compromised tokens',
                                                   'enhanced detection rules',
                                                   'expanded monitoring'],
                            'root_causes': ['failure to detect unauthorized '
                                            'access promptly',
                                            'exploitation of signed access '
                                            'token']},
 'references': [{'source': 'The Korea Herald'}],
 'regulatory_compliance': {'legal_actions': ['investigation ongoing by '
                                             'regulatory bodies'],
                           'regulations_violated': ['Korea’s Act on Promotion '
                                                    'of Information and '
                                                    'Communications Network '
                                                    'Utilization and '
                                                    'Information Protection '
                                                    '(24-hour breach reporting '
                                                    'requirement met)'],
                           'regulatory_notifications': ['reported to '
                                                        'authorities within 24 '
                                                        'hours of discovery '
                                                        '(November 19, 2023, '
                                                        'at 9:35 p.m.)']},
 'response': {'communication_strategy': ['text message to affected customers '
                                         'on November 18, 2023'],
              'containment_measures': ['revoked signature key information for '
                                       'tokens'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['enhanced detection rules',
                                       'expanded monitoring'],
              'third_party_assistance': ['Korea Internet & Security Agency '
                                         '(KISA)',
                                         'Ministry of Science and ICT',
                                         'Personal Information Protection '
                                         'Commission']},
 'title': 'Coupang Data Breach Exposing Personal Information of Over 4,500 '
          'Customers',
 'type': ['data breach', 'unauthorized access'],
 'vulnerability_exploited': 'compromised signed access token'}