Compromised data of 27 million people South Korea. 70 percent of the population suffered a data breach.

Authorities confirmed that 27 million individuals in South Korea suffered a data breach, nearly 70 percent of  the population aged between 15 and 65 was hit.

A new massive data breach hit more that 27 million people in South Korea, according to the authorities stolen data comes from the gaming industry.

It isn’t the first time that Internet users in South Korea suffered a massive breach, in 2011, 35 million individuals had personal information exposed because hackers violated the database South Cyworld, a South Korean social network, and the search engine Nate.

Early 2014, 20 million South Koreans suffered another data breach caused by an employee of the Korea Credit Bureau.

South Korean law enforcement confirmed that information were stolen from databases for various games and online gambling promotions, movie ticketing and ringtones. The number of victims is amazing if we consider that more than 70 percent of the population aged between 15 and 65 was hit.

” South Korean authorities have unveiled a massive leak of personal information related to more than 70% of the population aged between 15 and 65 in the country. A hacker from China is one of the perpetrators, reports Duowei News, a news website operated by overseas Chinese.

The main perpetrator, last name Kim, was arrested along with over a dozen others for stealing and selling over 220 million items of personal information from 27 million South Koreans aged between 15 and 65, which accounts for about 72% of that demographic range, according to the South Jeolla Provincial Police Agency on Aug. 21.

The information had been stolen through hacking registrations on websites for online games, movie ticketing and ring tone downloads. A registration on any one of the websites can be used to trace registrations for the same person from other online service providers, the police said.” reported WantChinaTimes.

The Kim Bong-Moon of Korea JoongAng Daily reports that 16 individuals were arrested and added:

“According to police, Kim reportedly received 220 million personal information items, including the names, resident registration numbers, account names and passwords, of the 27 million people from a Chinese hacker he met in an online game in 2011.

The police suspect he used the personal information to steal online game currency by using a hacking tool known as an “extractor,” which automatically logs on to a user’s accounts once the login and password are entered. He is also thought to have sold those cyber items for profit.

When passwords he received were wrong, he allegedly bought the personal information on the identification cards and their issue dates from a cellphone retailer in Daegu to change the passwords himself.”

As reported in the above statements, the South Jeolla Provincial Police Agency arrested a 24-year-old man named Kim along with 15 others, for allegedly stealing and selling 220 million records with personal information from 27 million South Korean.

First details on the investigation revealed that Kim obtained the data from a Chinese hacker he met online in 2011, stolen data includes names, account credentials and resident registration numbers. The investigation is still on-going, law enforcement is trying to track the complete network of persons which had access to the records, but it isn’t an easy job.

Data stolen by hackers was used to seal in-game currency and other game-related items that could be commercialized, law enforcement is worried by the sale of the information to other gangs of criminals. Personal information is a valuable commodity in the underground market, groups of cyber criminals are always interested to acquire user’s data to arrange further cyber attacks and any other kind of scam.

With a cost per record item ranged from a minimum of $0.001 to a maximum of $20, it seems that Kim have earned $390,919 USD by selling/using stolen records of 27 million Koreans.

Stay tuned for further details on the investigation.

Pierluigi Paganini

(Security Affairs – 27 million people victims of a data breach,  South Korea)