[Dataloss] 18 million Korean user information lost
Henry Brown
hbrown at knology.net
Wed Feb 27 10:29:02 UTC 2008
http://www.thedarkvisitor.com/?p=305
According to Hackbase.com, South Korea’s oldest and largest online
shopping site (Auction.co.kr) has claimed it was attacked by a Chinese
hacker who made off with the user information on 18 million members and
a large amount of financial data. It is further claimed that
Auction.co.kr delayed 20 hours after the attack before comfirming the
loss of information. Korean users rebuked the website for being too slow
to act. It was confirmed that the attack was launched through China’s
internet.
Auction.co.kr also confirmed that after the incident, they received a
phone call offering to exchange the user information for money.
The Chinese hacker did not directly attack the server, instead s/he took
a roundabout strategy. The hacker sent out bulk e-mailings to the
auction staff containing “hacker procedures” (I’m guessing this means
with Trojans attached). When the staff members confirmed the e-mails,
the hacker was able to gain their IDs. The hacker was then able to login
to the Auction server using the staffer’s ID.
More information about the Dataloss
mailing list