Sunday, December 20, 2015

Chinese Hackers Target Korean SMEs, Sell Personal Information on Chinese Web Sites

25 July 2014 

Chinese hackers reportedly stole and sold 20 million cases of the personal information of Koreans by targeting small and medium-sized enterprises (SMEs) that are vulnerable to hacking or security attacks, and put the stolen information on Chinese websites. A total of 40 companies engaged in online services, education, retailing, and e-commerce were targeted.
According to sources in the government and police on July 24, the police are conducting their investigations into the case in which the personal information of as many as 20 million Koreans were recently posted on Chinese websites. An official at the Korea Communications Commission said, “We verified that the customer information of 40 SMEs was stolen, and we are going to investigate the case by sending our team to China.”
The situation is serious in that hackers not only stole customer information, but also accounts with administrative rights that have access to company computer systems. In fact, names, addresses, IDs, and passwords were also said to be stolen. In other recent information leakage accidents, passwords have not easily been leaked.
A security expert said that targeted SMEs neither made adequate investment in security, nor realized the seriousness of the matter. The expert explained, “Apparently, they did not take measures like one-way encryption or by separately storing passwords on servers. As a result, passwords were leaked when accounts with administrative rights were stolen.”