(Seoul=Yonhap Infomax) Su In Jeong –
Coupang Inc., South Korea's leading e-commerce platform, failed to detect a personal data breach affecting approximately 4,500 customers for more than 12 days after the initial incident occurred.
According to a breach notification submitted by Coupang to the Korea Internet & Security Agency (KISA) and disclosed by Choi Min-hee, Chair of the National Assembly’s Science, ICT, Broadcasting and Communications Committee, the unauthorized access to Coupang account information is estimated to have first occurred at 18:38 KST on November 6.
Coupang became aware of the abnormal access only at 22:52 KST on November 18, 12 days after the suspected breach, and reported the incident to KISA at 21:35 KST on November 19.
An internal investigation by Coupang revealed that the breach exploited 'signed access tokens' issued to existing logged-in users. The company has since revoked all affected tokens and implemented additional monitoring rules to detect further unauthorized access attempts.
Committee Chair Choi Min-hee criticized the incident as “a serious lapse in security management, not merely a simple mistake,” and urged Coupang to “take swift action to alleviate customer concerns and fully cooperate with the government’s investigation to determine the root cause.”
sijung@yna.co.kr
