Coupang Data Breach Suspect Apprehended and Confesses
Information from 3,000 Users Stored and Deleted Out of 33 Million Accounts
Coupang Confirms "No External Transmission of Customer Data"
On December 25, Coupang announced that it had apprehended the former employee responsible for leaking information on 33.7 million customers and obtained a full confession regarding the crime.
The perpetrator stole a security key acquired during their tenure at the company, then used a personal desktop PC and a MacBook Air laptop to access 33 million customer accounts and stored information on 3,000 individuals. As the Coupang incident escalated, the perpetrator deleted the data and disposed of the related devices in a nearby stream. Coupang stated that it searched the stream, recovered all devices used in the data breach, and confirmed that there was no external transmission of the leaked information.
According to Coupang, the perpetrator stole an internal security key obtained while employed at the company and accessed account information (names, emails, addresses, and phone numbers) for 33 million customers. The perpetrator stated that they obtained order information and common entrance door codes for 3,000 of these accounts.
During the investigation, Coupang engaged three global cybersecurity firms-Mandiant, Palo Alto Networks, and Ernst & Young-to confirm that there was no access to payment information, login credentials, or personal customs clearance numbers for the affected accounts. The investigation also found that 2,609 common entrance door codes were leaked.
The perpetrator stored the information on a personal desktop PC and a MacBook Air laptop. After the customer information leak was reported in the media, the perpetrator testified, "I physically destroyed the laptop and placed it, along with bricks, in an eco-bag bearing the Coupang logo, then threw it into a nearby stream."
Coupang explained that, based on the map and description provided by the perpetrator, divers located and recovered the MacBook Air laptop from the stream. The serial number of the laptop matched exactly with the serial number registered to the perpetrator's iCloud account.
Additionally, forensic investigation confirmed that, as the perpetrator testified, unauthorized access to Coupang's systems was carried out using one PC system and one Apple system. Coupang stated, "The perpetrator submitted the desktop PC and four hard drives used with the PC, and analysis revealed that scripts used in the attack were found on these storage devices."
The perpetrator is reported to have claimed sole responsibility for the crime. It is also reported that, following the Coupang incident, the perpetrator deleted the customer information for the 3,000 accounts and stated that there was no external transmission. Coupang said, "The results of the investigation to date are consistent with the perpetrator's testimony, and no evidence contradicting their statements has been found."
Coupang emphasized, "No customer data was transmitted to any third party," and added, "All devices and hard drives used by the perpetrator to access and steal Coupang customer information have been recovered and securely retained through verified procedures."
The company further stated, "We fully recognize the significant concern caused to our customers by the recent data breach," and added, "We sincerely apologize for the worry and inconvenience experienced by so many people as a result of the Coupang data leak incident."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
