[Dataloss] Auction.co.kr - Chinese hacker steals user information on 18 MILLION
security curmudgeon
jericho at attrition.org
Wed Feb 20 17:57:00 UTC 2008
[No references for this event. No details if CC information or other
NPPI/PII was stolen. - jericho]
http://www.webappsec.org/projects/whid/byid_id_2008-10.shtml
WHID 2008-10: Chinese hacker steals user information on 18 MILLION online
shoppers at Auction.co.kr
Reported: 12 February 2008
Occurred: 10 February 2008
Classifications:
* Attack Method: Cross Site Request Forgery (CSRF)
* Country: Korea
* Origin: China
* Outcome: Downtime
* Outcome: Leakage of Information
* Vertical: Retail
A Korean e-commerce site was hacked and a staggering number of records, 18
million, were stolen. In the US this would be front news. We don't know
if it was front news in Korea, but it did not get to the international media.
The attack description is vague but can be best described as session
hijacking.
This incident is a great example of the lack of sufficient international
coverage at WHID. Help us by sending us non-English incidents! After all,
it is not English speakers only that get hacked, but rather us, the WHID
maintainers that speak only this language.
References: