Supply chain (Resolved)

SK Communications (Nate / Cyworld) breach

Hackers using a poisoned software-update channel stole the personal data of about 35 million Nate and Cyworld users — names, resident-registration numbers, phone numbers and encrypted passwords — in what was then South Korea's largest data breach.

Victim: SK Communications (Nate, Cyworld)
Records: 35.0M
Users: 35.0M

On 26 July 2011, SK Communications — operator of the portal Nate and the social-networking giant Cyworld — suffered what was then the largest data breach in South Korean history, exposing the personal information of roughly 35 million users, the majority of the country's online population.

What happened

Rather than directly storming SK Communications' servers, the attackers used a supply-chain technique. They compromised the update mechanism of ALZip, a widely used Korean file-compression utility, and pushed malware to machines inside SK Communications during a routine software-update check. That foothold let them reach the company's internal databases and exfiltrate user records over the network.
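The weakness the paragraph describes is a client that trusts whatever its update channel delivers. The Go program below is an added illustration of the defender-side control, not code from ALZip, SK Communications or this page, and the page does not say what checks ALZip's updater actually performed. It assumes a design in which the publisher's Ed25519 public key is pinned in the client and each release ships with a signed manifest carrying the payload's SHA-256 digest; keys, package names and payload bytes are constructed samples. It shows that a server-side attacker who controls only the download channel can neither swap the payload behind a genuine manifest nor rewrite the manifest to match a trojanised payload, because both checks fail without the publisher's private key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what the update server hands out alongside a package:
// the package identity and the SHA-256 digest the publisher vouches for.
type Manifest struct {
	Name    string
	Version string
	SHA256  string // hex-encoded SHA-256 of the payload bytes
}

// canonical fixes the byte string that gets signed so publisher and
// client cannot disagree about field order or separators.
func (m Manifest) canonical() []byte {
	return []byte(m.Name + "\n" + m.Version + "\n" + m.SHA256 + "\n")
}

// Sentinel errors so callers can tell the two failure modes apart: a
// manifest the publisher key never signed, versus a genuine manifest
// paired with a payload that does not match it.
var (
	ErrBadSignature   = errors.New("manifest signature does not verify against the pinned publisher key")
	ErrDigestMismatch = errors.New("payload digest does not match the signed manifest")
)

// SignManifest is the publisher's release step: hash the payload, embed
// the digest in the manifest and sign the manifest with the private key
// (which never leaves the publisher; the update server only stores output).
func SignManifest(priv ed25519.PrivateKey, name, version string, payload []byte) (Manifest, []byte) {
	sum := sha256.Sum256(payload)
	m := Manifest{Name: name, Version: version, SHA256: hex.EncodeToString(sum[:])}
	return m, ed25519.Sign(priv, m.canonical())
}

// VerifyUpdate is the client's check before anything is written to disk
// or executed. The public key is pinned in the client, so controlling the
// download server alone is not enough to get a package accepted.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pinned, m.canonical(), sig) {
		return ErrBadSignature
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrDigestMismatch
	}
	return nil
}

func main() {
	// Constructed sample keys and payloads; nothing here is from a real vendor.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := []byte("constructed sample: genuine update payload")
	trojan := []byte("constructed sample: trojanised update payload")

	m, sig := SignManifest(priv, "example-tool", "1.0.1", genuine)
	fmt.Println("genuine payload:    ", VerifyUpdate(pub, m, sig, genuine))
	fmt.Println("swapped payload:    ", VerifyUpdate(pub, m, sig, trojan))

	// A server-side attacker re-hashes the trojan and rewrites the manifest,
	// but the old signature no longer covers the new digest.
	forged := m
	h := sha256.Sum256(trojan)
	forged.SHA256 = hex.EncodeToString(h[:])
	fmt.Println("rewritten manifest: ", VerifyUpdate(pub, forged, sig, trojan))

	// Signing with a key the client does not pin fails the same way.
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	m2, sig2 := SignManifest(rogue, "example-tool", "1.0.2", trojan)
	fmt.Println("rogue-key signature:", VerifyUpdate(pub, m2, sig2, trojan))
}
```

The ordering matters: the signature is checked first, so the client never trusts a digest it has not authenticated, and the digest is computed over the bytes actually downloaded, not over a value the server reports. Transport security (TLS) on the update channel does not replace this check, since a compromised server speaks valid TLS too.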

The Korea Communications Commission (KCC) traced the malicious traffic to IP addresses in China, and Chinese-based attackers were widely blamed, though no individuals were ever publicly identified or prosecuted abroad.

What was stolen

The breach exposed users' names, resident-registration (national ID) numbers, phone numbers, email addresses, user IDs and passwords. SK Communications stated that passwords and resident-registration numbers had been protected with encryption, but the sheer breadth of exposure — combined with Korea's reliance on resident-registration numbers as universal identifiers — made the leak extremely serious for identity fraud.

Impact and aftermath

  • About 35 million Nate and Cyworld accounts were affected — at the time placing this among the ten largest breaches ever recorded worldwide.
  • The incident intensified scrutiny of how Korean platforms collected and stored resident-registration numbers, accelerating a national shift away from using them for online sign-ups.
  • In February 2013, a Seoul court ordered SK Communications to compensate identity-theft victims (reported at around 200,000 won each), ruling that the company had "completely failed to notice the phased theft" and had relied on insecure third-party software.

Why it matters

The Nate/Cyworld breach is a landmark supply-chain attack — years before "supply chain" became a mainstream security term — showing how a trusted software-update channel could be weaponised to reach an entire platform. It is also a defining moment in South Korea's privacy history: the scale of the exposure of resident-registration numbers helped push the country to legally restrict their collection by online services, reshaping how Korean websites authenticate users to this day.

Timeline

  1. Attackers compromise SK Communications and exfiltrate the personal data of about 35 million Nate and Cyworld users.

  2. SK Communications publicly discloses the breach; the Korea Communications Commission opens an investigation.

  3. Investigators determine the attack used a poisoned update of the ALZip compression tool to plant malware, with traffic traced to Chinese IP addresses.

  4. A Seoul court orders SK Communications to pay damages to identity-theft victims, finding it failed to detect the staged theft.

Sources

  1. koreaherald.com: http://www.koreaherald.com/view.php?ud=20110728000881
  2. nakedsecurity.sophos.com: https://nakedsecurity.sophos.com/2011/07/28/data-stolen-from-35-million-south-korean-social-networking-users/
  3. csoonline.com: https://www.csoonline.com/article/2129187/chinese-hackers-blamed-for-huge-south-korean-database-theft.html
  4. databreaches.net: https://databreaches.net/2013/02/18/korean-court-orders-sk-communications-to-pay-damages-to-id-theft-victims/
