Information of 732,000 Naver Smart Store Sellers Circulated... Government "Under Investigation" (Comprehensive)

It has come to light that the personal information of 732,000 sellers from Naver's (NAVER) e-commerce platform, Smart Store, is being traded in file form on the dark web. Naver stated, "Based on our own inspection, we have found no evidence of hacking, such as any signs of intrusion into our user personal information database (DB) within our systems."

Regarding this newspaper's report that not only Smart Store business names, business types, and emails but also sellers' names, contact information, and dates of birth are being traded as files on the dark web?and that a significant number of the sellers whose information is for sale have already closed their businesses on Naver?Naver responded on June 17, "As a telecommunications sales intermediary, we have a legal obligation to provide Smart Store seller information to consumers, just like other similar online commerce operators," and added, "It appears that business information disclosed on web pages in accordance with the law was collected by a third party."

To prevent such third-party collection of information, Naver explained, "We have implemented measures such as CAPTCHA, which requires users to enter numbers or letters to verify they are not automated programs when checking seller information, and the insertion of random strings into URLs containing seller information to block unauthorized access." The company added, "We plan to continue strengthening measures such as enhanced detection of crawling (technology that automatically collects website information) and advanced access control to information."

Naver further stated, "We will work closely with the Personal Information Protection Commission and the Korea Internet & Security Agency (KISA) to ensure that no damage occurs," and added, "So far, there have been no reports of damage resulting from the distribution of Smart Store seller information."

After news of the distribution of Smart Store seller information broke, the Personal Information Protection Commission said, "We are currently checking the facts after reviewing media reports." KISA also stated, "We are verifying the information leaked on the dark web."

Sample file of personal information of former Naver Smart Store sellers uploaded to the dark web market in January this year. It contains their store names, mobile phone numbers, email addresses, dates of birth, and more. (Photo by Dark Web screenshot)

A screen of a post selling past seller information of Naver Smart Store posted on the dark web market. Information of 732,323 people is uploaded. (Photo by Dark Web screen capture)

The information of 732,000 Smart Store sellers was reportedly put up for sale on the dark web around 5 a.m. on January 4 and was distributed until early this month. The dark web is an internet space where hackers leak or trade hacked information, and it can only be accessed through specific programs or routes. A security industry official commented, "Although information such as resident registration numbers or passwords is not included, it is dangerous when various pieces of information that can identify individuals are combined," and added, "Because it becomes easier to deceive others, there is a high risk that this information could be misused for crimes such as targeted phishing, smishing, or voice phishing."

In particular, how Naver managed the personal information of Smart Store sellers whose businesses have been closed is an issue that requires further scrutiny. A security company official, who requested anonymity, said, "It is possible that someone collected the information through crawling (technology that automatically collects website information) before the Smart Store closed," but also analyzed, "Given that the information appears to have been sorted and organized separately for businesses that have ceased operations, it may not have been a simple crawling operation."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.