10:43 am (UTC-7) | by David Sancho (Senior Threat Researcher)
In the last 24 hours, there has been much coverage of a data breach that affected an estimated 35 million users of SK Comms in South Korea. SK Comms is the largest service provider in the region that offers three types of service—social networking, mobile phone, and instant-messaging (IM) services. The breach affected user accounts of Nate portal and Cyworld, both under SK Comms.
SK Comms Breach
Given the breadth of services that SK Comms offers, the service provider is committed to providing user security and, as such, requires more personal information to secure and link user accounts than many other service providers do. Unfortunately, these very measures are also the ones that most affected its users in the breach. The stolen information includes user names, email addresses, contact numbers, and some encrypted information that includes the users’ blood types.
The online landscape in South Korea is interesting and gives us an idea of the impact of the breach. The country’s Internet penetration is high and its Internet speed is fast enough to sustain mobile banking (i.e., conducting online banking transactions using mobile devices and smartphones). As such, mobile banking is pretty commonplace in South Korea. If users submit the same information and use the same password for all of their online accounts, it would not take too much creativity for hackers to conduct subsequent attacks.
SK Comms issued an advisory to users of the affected sites. In that advisory, it apologized for the incident and gave users instructions for handling voice phishing calls and spammed messages they may receive as a result. More information can be found at http://www.nate.com/nateInfo/noticeInfo.aspx.
Lessons from Past Data Breaches
One practice users should learn to do is to create different passwords for different online accounts. This lesson has not changed ever since the first big data breach this year and the years before that. Creating different passwords for different accounts will give you an additional layer of security (and peace of mind) in the event that data from one of your online account service providers is stolen.
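The two risks raised above, reusing one password across accounts and building passwords from the same personal details that a breach exposes, can be checked mechanically against a password-manager export. The following script is an added example written for this post, not code from SK Comms or from the original article; the account list and profile fields are constructed sample data, and the field names (site, username, password, name, email, phone) are assumptions about the export format.

```python
import re
from collections import defaultdict

# Constructed sample vault export (hypothetical accounts, not real data).
SAMPLE_ACCOUNTS = [
    {"site": "portal.example", "username": "alice@example.com", "password": "Spring2011!"},
    {"site": "bank.example", "username": "alice@example.com", "password": "Spring2011!"},
    {"site": "social.example", "username": "alice", "password": "alice0212"},
    {"site": "mail.example", "username": "alice@example.com", "password": "correct-horse-battery-staple"},
]

# Constructed profile fields of the kind the post says were exposed
# (name, email address, contact number).
SAMPLE_PROFILE = {"name": "alice", "email": "alice@example.com", "phone": "010-0212-9999"}


def find_reused_passwords(accounts):
    """Return {password: [site, ...]} for every password used on more than one site."""
    by_password = defaultdict(list)
    for acct in accounts:
        by_password[acct["password"]].append(acct["site"])
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def profile_tokens(profile):
    """Split profile fields into lowercase alphanumeric tokens of length >= 4.

    Short fragments (such as the 'com' of an email domain) are dropped so that
    they do not produce noisy matches.
    """
    tokens = set()
    for value in profile.values():
        for piece in re.split(r"[^a-z0-9]+", value.lower()):
            if len(piece) >= 4:
                tokens.add(piece)
    return tokens


def find_profile_derived_passwords(accounts, profile):
    """Return [(site, token), ...] where a password contains a profile-derived token.

    A password that embeds a name, email fragment or phone fragment is easy to
    guess once those fields have leaked, so each such account is flagged.
    """
    tokens = profile_tokens(profile)
    hits = []
    for acct in accounts:
        pw = acct["password"].lower()
        for token in sorted(tokens):
            if token in pw:
                hits.append((acct["site"], token))
    return hits


if __name__ == "__main__":
    # Run the two checks over the constructed sample data.
    for pw, sites in find_reused_passwords(SAMPLE_ACCOUNTS).items():
        print(f"password reused on {len(sites)} sites: {', '.join(sites)}")
    for site, token in find_profile_derived_passwords(SAMPLE_ACCOUNTS, SAMPLE_PROFILE):
        print(f"{site}: password contains profile data ({token!r})")
```

The reuse check groups accounts by exact password, which is what matters when stolen credentials from one provider are tried against another. The profile check is deliberately coarse (substring matching on tokens of four or more characters) so that it catches the common habit of appending a birthday or phone fragment to a name; on a real export it will flag a few false positives, which is the safer direction for a self-audit.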
This breach is the latest of several hacking incidents this year. Based on what we have been seeing, cybercriminals conduct extensive research on a target company in order to determine weaknesses that can serve as points of entry. The initial contact may be either a network attack or a social attack, depending on the weaknesses found: the weakness may be an infrastructure security hole or a good old human vulnerability, and the attacker uses whichever means fits to get inside the network. After that, the attack becomes all about keeping silent during exfiltration (i.e., moving data out of a system without the owner’s knowledge) until the attacker’s goals are met.
So far, details are few about how this particular data breach was conducted but we will be updating this blog entry as soon as new technical information comes in.
Update on August 10: Updates on this security incident may be found in the blog entries Analysis of BKDR_SOGU.A, Database-Accessing Malware and Updates on the SK Comms Data Breach.