[Reporter's Notebook] Yes24 Shifts from "Hacking Victim" to "The Boy Who Cried Wolf"

Unprecedented Access Disruption
Users Kept in the Dark Despite Widespread Damage
Both "Internal Maintenance" and "KISA Cooperation" Were False
"I've Never Seen Anything Like This in My Life"

"This was absolutely not a hacking incident. We are conducting internal system maintenance."


At around 4 a.m. on June 9, when I tried to access the Yes24 website to write an article, the site was inaccessible. At first, I thought it was just a temporary connection issue. However, as the outage persisted for half a day, and then a full day, suspicions of hacking began to arise. Yes24 dismissed these suspicions, stating the position above and ruling out the possibility of hacking. They also explained that there had been a previous case where the server was down for three days, and they believed this incident was similar.


However, that explanation turned out to be untrue. The real cause was an "external ransomware hacking attack." Yes24 became aware of this and reported it to the security authorities at around 1 p.m. on June 10. Nevertheless, the public notice was delayed, and the message on the website still read "internal system maintenance." Users' right to know was thoroughly ignored. Even as performances, sports events, and fan meetings were being canceled or postponed one after another, the truth remained hidden. It was only after Choi Sujin, a member of the National Assembly's Science, ICT, Broadcasting, and Communications Committee from the People Power Party, disclosed the hacking incident on the afternoon of June 10 that Yes24 finally acknowledged it.


Yes24's false explanations did not end there. There was even a request to include in news articles that "the Korea Internet & Security Agency (KISA) had visited Yes24 and was cooperating closely," but this too was not true. KISA took the unusual step of issuing a statement late at night, refuting Yes24's claims. A KISA official told this newspaper, "It is true that we visited Yes24 twice, but due to lack of cooperation, we were not even able to enter the data room, and no basic investigation was conducted."


After two consecutive false explanations, when a reporter asked for clarification, the Yes24 representative replied in a dispirited voice, "I'm sorry, but I really didn't know either." Even the person in charge of external communications was not fully aware of the hacking incident or the subsequent actions taken. According to information confirmed through reporting, internal staff also complained, "CSO Kwon Minseok and the information security team are monopolizing information, and we receive no answers even when we ask questions." This means that information was not being properly shared within the company, and accurate facts were not being communicated.


It is regrettable enough that the nation's largest online bookstore, with approximately 20 million members, suffered such an unprecedented access disruption. However, an even bigger problem was the response that followed. Performances, fan meetings, and sports events suffered significant damage, and publishers lost a major sales channel. Despite this, there was no timely explanation for stakeholders. Internal employees are becoming like "the boy who cried wolf." One source familiar with Yes24's internal affairs said, "I've never seen anything like this in my life. Now, even the employees don't trust the company's explanations."


If it turns out that even the claim that no personal information was leaked is false, it will only be a matter of time before Yes24 shifts from being a "hacking victim" to a "perpetrator violating users' rights."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

