A Coupang supply truck parks in an organization lot in Seoul on Nov. 30, 2025. (Choi Hyeon-su/Hankyoreh)
A former Coupang worker suspected of leaking the private data — together with names, cellphone numbers, and addresses — of 33.7 million of the e-commerce platform’s customers was recognized as having been accountable for inner community authentication duties. Coupang didn’t replace authentication procedures after this worker left the corporate; analysts word that such neglect was the reason for the latest knowledge breach of unprecedented scale.
Police are at the moment monitoring server log information submitted by Coupang to seek out the IP deal with suspected of getting used within the crime.
On Monday, Rep. Choi Min-hee, the chairperson of the Nationwide Meeting’s Science, ICT, Broadcasting, and Communications Committee and a member of the Democratic Celebration, spoke on the reason for this knowledge leak based mostly on supplies submitted by Coupang.
“The legitimate authentication key for knowledge entry issued to the authentication-related personnel was left unattended for an prolonged interval, and was exploited even after the worker left the corporate,” Choi mentioned.
The person accountable for this private data leak was a former worker answerable for authentication at Coupang. After this particular person left the corporate, Coupang didn’t revoke their system entry privileges or replace safety measures.
Based on Choi’s workplace, Coupang responded to inquiries relating to the validity interval of token authentication keys by stating, “Setting it to final for five to 10 years is widespread apply.” This is the reason some are calling the incident a foreseeable, man-made catastrophe.
Police investigations additionally confirmed that Coupang customers and customer support facilities obtained threatening emails implying private knowledge leaks earlier than the complete scale of the incident grew to become identified. A police official acknowledged, “We’re monitoring the IP deal with used within the crime by worldwide cooperation.”
Police added that no secondary damages, similar to voice phishing or smishing, have been reported but in relation to the breach.
The presidential workplace has given directions to enhance related programs. The presidential workplace chief of workers, Kang Hoon-sik, presiding over a gathering of senior secretaries and advisers that day, acknowledged, “There are limits to stopping large knowledge breaches when the punitive injury system shouldn’t be being enforced.”
Kang ordered a evaluation of enchancment measures to make sure the system works successfully when company duty is evident, in accordance with presidential workplace deputy spokesperson Jeon Eun-su
“In an period the place knowledge has grow to be the core of company competitiveness as a result of rise of AI know-how, we’re in a scenario the place the strictest protecting measures are touted at entrance of home but the precise administration system has a again door left open,” Kang advised officers.
He instructed related ministries to promptly report on basic system enhancements, a reorganization of the on-site inspection system, and help measures to strengthen company safety capabilities.
By Search engine marketing Hye-mi, workers reporter; Shin Hyeong-cheol, workers reporter; Bang Jun-ho, workers reporter
Please direct questions or feedback to [english@hani.co.kr]
