Personal Information Protection Commission and KISA: "Verifying Dark Web Data Leak"
Even Hard-to-Crawl Information Like Birth Dates Appears
Data of Closed Sellers Also Circulating on the Dark Web
The government has launched an investigation after it was revealed that the personal information of 732,000 sellers from NAVER's e-commerce platform, Smart Store, is being traded in file format on the dark web.
According to a report by this newspaper, not only store names, business types, and email addresses, but also personal information such as seller names, contact numbers, and dates of birth are being traded in file format on the dark web. A significant portion of the seller information being sold reportedly belongs to individuals who have already closed their businesses on Naver. On June 17, the Korea Internet & Security Agency (KISA) stated, "We are verifying the information leaked on the dark web."
The Personal Information Protection Commission also said, "We are in the process of confirming the facts after reviewing media reports."
Sample file of personal information of former Naver Smart Store sellers uploaded to the dark web market in January this year. It contains their store names, mobile phone numbers, email addresses, dates of birth, and more. (Photo by Dark Web screenshot)
A screen capture of a post on the dark web market showing past seller information from Naver Smart Store. Information of 732,323 people is posted. (Photo by Dark Web screen capture)
The information of 732,000 Smart Store sellers was first put up for sale on the dark web at around 5 a.m. on January 4 and is believed to have circulated until earlier this month. The dark web is an internet space where hackers leak or trade hacked information, accessible only through specific programs or routes. A security industry official commented, "Although the data does not include resident registration numbers or passwords, it is dangerous when various pieces of personally identifiable information are combined." The official added, "This increases the risk of targeted crimes such as phishing, smishing, and voice phishing because it becomes easier to deceive victims."
In particular, the way Naver managed the personal information of Smart Store sellers whose operations had ceased requires further scrutiny. A security company official, who requested anonymity, said, "It is possible that someone collected the information through crawling (a technique for automatically collecting website data) before the Smart Store closed." However, the official also noted, "Given that the data appears to have been selectively gathered and organized from businesses that had already ceased operations, it may not have been a simple crawling operation."
Regarding this issue, Naver stated, "It is highly likely that the seller information was obtained through external crawling of individual Smart Store pages where such information was publicly available." The company added, "We have been working to prevent crawling by introducing CAPTCHA, which requires users to enter numbers or letters to confirm they are not automated programs when checking seller information, and by inserting random numbers or letters into the URLs of web pages containing seller information."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
