A data breach of staggering proportions has hit South Korea – involving 27 million people and 220 million private records – and affecting 70% of the population between the ages of 15 and 65, according to Forbes.
Sixteen hackers were arrested for the attack, which targeted registration pages and passwords for six online gaming sites – with the aim of selling game currency. South Korea has a strong online gaming culture, and people of all ages indulge in the hobby.
South Korean authorities said that the gang had stolen 220 million items of personally identifying information, with the goal of breaking into online game accounts. A 24-year-old man, surname Kim, bought these records from a Chinese hacker he met in another online game in 2011, according to the Korea JoonGang Daily.
According to police, Kim reportedly received 220 million personal information items from a data breach of unknown origin, including the names, resident registration numbers, account names and passwords, of the 27 million people from a Chinese hacker he met in an online game in 2011.
Kim and his associates are thought to have used a hacking tool known as an “extractor” to log in to accounts and steal virtual currency to and items to sell – earning in the process 400 million won ($390,919).
The Register reports that, “Kim bagged almost $400,000 by hacking six online games using the details and gave the Chinese cracker a $130,000 cut. The buyer used the creds to steal items from gaming accounts and sold off to other players.”
Police estimate that secondary damages from the data breach cost at least $2m.
When Kim’s gang could not break into accounts, they bought yet more personal information including identity cards from a cellphone retailer in Daegu, and then changed passwords to gain access.
Kim is also accused of having sold his hoard of personally identifying information to mortgage fraudsters and illegal gambling advertisers.
Author Rob Waugh, We Live Security