The Korean Communications Commission (KCC) announced today that hackers had broken into Nate and Cyworld, potentially exposing the personal details of some 35 million members of the two sites.
Bloter reports that using an IP in China, hackers illegally accessed the names, IDs, emails, phone numbers, social security numbers and passwords of some 35 million accounts held on the Nate portal and Cyworld social network site. SK Communications, the parent company of the two sites, confirmed the breach with the KCC today and said they had also reported it to the police. In order to prevent further attacks, the company said it was also strengthening its system monitoring and pushing people to change their passwords.
In order to minimise the risk to the huge numbers of Koreans who have Nate and/or Cyworld accounts, the KCC is trying to spread news of the breach as quickly as possible, and has added a pop-up window on Nate and Cyworld that lets users check whether their information is safe.
To head off further problems, the KCC is also urging internet users to change their passwords not just on the affected sites, but in any other online accounts, too. They are also warning Koreans to be especially vigilant against phone “phishing” scams in the weeks ahead.
To try and find out exactly what happened, Bloter says the KCC has set up a research group, and will also be carrying out a thorough investigation to see if SK Comms was negligent or did anything illegal.
The ramifications of such a massive breach are likely to play out for quite some time — but a short-term issue is renewed anger at the Real Name system, which requires Koreans to submit their real names and social security numbers when leaving comments on any sites that attract more than 100,000 people per day. The law means that besides getting just user names and passwords, the hackers were potentially able to access users social security numbers as well.
More on this story here.