"Out of a desire to show off"...Investigating possible sale
4.62 million items leaked, including user IDs and phone numbers
Two teenagers who leaked a massive amount of personal information belonging to members of Seoul City's public bicycle service "Ttareungi" have been handed over to the prosecution. The boys, who are now high school students, were only middle school students at the time of the crime and stated that their motive was a desire to show off.
The Cyber Investigation Unit of the Seoul Metropolitan Police Agency announced on the 23rd that it had referred high school students A and B without detention on charges of violating the Information and Communications Network Act.
In August 2024, police are cracking down on the area around the storage facility for Seoul's public bicycle Ttareungi. Yonhap News Agency
According to the police, A and others are accused of breaking into the Ttareungi server of the Seoul Facilities Corporation in June 2024, when they were middle school students, and leaking about 4.62 million items of personal information, including user IDs, phone numbers, email addresses, dates of birth, gender, and weight. Names and resident registration numbers were not included. In the case of B, he is also suspected of having carried out a Distributed Denial of Service (DDoS) attack on the server of another shared mobility rental company in April of the same year, thereby disrupting its equipment rental work.
Earlier, while investigating a case caused by B in October 2024, the police identified B as the perpetrator of the DDoS attack, seized all of his electronic devices, and in July last year found a file that appeared to contain Ttareungi personal information.
Subsequently, they identified an anonymous Telegram account and, through technical tracking, additionally arrested A at the end of last month as the main culprit in the Ttareungi personal information leak case. The police applied twice for an arrest warrant after A repeatedly refused to make a statement and failed to cooperate with the investigation, but the prosecution declined to request the warrants, citing his status as a juvenile offender, among other reasons.
During the police investigation, B stated in substance that he committed the crime "out of curiosity and a desire to show off." It has been determined that the two became acquainted through social networking services (SNS), sparked by their shared interest in information security. The investigation found that after B discovered vulnerabilities in the Seoul Facilities Corporation server, A proposed and led the crime.
On November 18 last year, a Ttareungi storage facility was installed near Exit 2 of City Hall Station on Sejong-daero in Jung-gu, Seoul. Photo by Kang Jinhyung
The police are also examining whether A and others committed the crime with the intention of selling the personal information. So far, there is no indication that the data has been passed on to any third party.
In addition, the police believe that the Seoul Facilities Corporation bears responsibility for poorly managing the server containing personal information and are conducting a pre-indictment investigation (internal inquiry) into those involved. Previously, the Seoul Metropolitan Government had requested a police investigation, stating that there were indications the corporation recognized the personal information leak but failed to take any meaningful action for about two years.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
