"Third Parties Obtain User Personal Information for Payment
Detect and Block Suspicious IPs in Advance"
[Asia Economy Reporter Lee Gwan-joo] It has been confirmed that personal information of mobile financial service Toss users was stolen, leading to fraudulent payments.
According to Viva Republica on the 8th, fraudulent payments occurred at a total of three online merchants under the names of eight Toss users on the 3rd of this month. The amount of damage was 9.38 million KRW, which Toss explained has been fully refunded.
Toss stated, "It was identified as fraudulent payments using web payments by a third party using users' personal information and passwords," adding, "We immediately blocked the accounts of the affected users and preemptively detected and blocked accounts accessed from suspicious IPs."
The web payment method requires entering all of the user's personal information and password for the payment to be processed, but Toss believes that the payments were made due to personal information being leaked externally. Toss is conducting inspections and responses for web payment merchants and plans to apply changes after consulting with merchants if necessary.
Toss said, "For customers who wish to report to the police or other investigative agencies, we have issued transaction statements and other supporting documents and provided related guidance," and added, "The company will also actively cooperate with investigative agencies upon future requests."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![15-Year Veteran Field Mechanic Becomes AI Talent... Korean Air's Experiment [AI Era, Jobs Are Changing]](https://cwcontent.asiae.co.kr/asiaresize/319/2025121111232252273_1765419802.jpg)
