Coupang introduced on Dec. 25 that, concerning the current private data breach incident, it utilized forensic proof to establish the previous worker who leaked buyer data and recovered and secured all gadgets and arduous disk drives used to entry and steal buyer data, with investigations confirming that no exterior transmission occurred.
Coupang said in a press launch, “We recognized the previous worker who leaked buyer data utilizing forensic proof comparable to digital fingerprints, and the perpetrator confessed to all acts and particularly described the strategies used to entry buyer data.”
In accordance with the perpetrator’s assertion and investigations by cybersecurity corporations, the perpetrator used stolen safety keys to entry primary buyer data from 33 million buyer accounts, however solely saved buyer data from roughly 3,000 accounts amongst them.
This included names, emails, cellphone numbers, addresses, some order data, and a couple of,609 constructing entrance codes.
In accordance with Coupang’s rationalization, the perpetrator additionally deleted all saved data after encountering media studies concerning the incident, and investigations confirmed that no buyer data knowledge was transmitted to 3rd events in any respect.
In accordance with Coupang, the perpetrator confessed to stealing inner safety keys acquired throughout employment and trying assaults utilizing a private desktop PC and MacBook Air laptop computer, then storing some data on these gadgets.
Forensic investigation outcomes confirmed these statements to be true, and Coupang defined that evaluation of the desktop PC submitted by the perpetrator and 4 arduous disk drives used within the PC revealed scripts used within the assaults had been discovered on these gadgets.
Coupang has been conducting investigations because the early levels of the incident by commissioning prime international cybersecurity corporations Mandiant, Palo Alto Networks, and Ernst & Younger for rigorous forensic investigation, and in addition verified the perpetrator’s statements.
In accordance with Coupang, the perpetrator said that upon seeing media studies concerning the private data breach, they fell into excessive nervousness and instantly deleted all saved buyer data after encountering the media studies.
The perpetrator additionally said that they “bodily destroyed the MacBook Air laptop computer used for knowledge breach, then crammed a Coupang eco-bag with bricks and threw it right into a river.” Following this assertion, divers had been deployed to go looking the river, and the gadget was recovered from the Coupang eco-bag containing bricks. It was additionally confirmed that this laptop computer’s serial quantity precisely matched the serial quantity registered to the perpetrator’s iCloud account.
Coupang additionally emphasised that “investigation outcomes up to now are in line with the perpetrator’s statements, and no proof contradicting the perpetrator’s statements has been found.”
Relating to questions concerning the investigating authority, Coupang responded that “at current, we can’t affirm something past the offered data.”
Coupang said, “We deeply really feel the accountability for a way a lot concern the current private data breach has brought on our prospects,” and “We sincerely apologize for the concern and inconvenience that numerous residents have skilled as a consequence of Coupang’s private data breach incident.”
Coupang mentioned, “We plan to offer steady updates in keeping with the progress of future investigations, and can individually announce buyer compensation measures for this incident within the close to future.”
