-
A massive breach at South Korea’s top ecommerce company, Coupang, exposed data from 33.7 million customer accounts.
-
Police say threatening emails warning of the leak were sent by a former employee, now the prime suspect.
-
Leaked delivery addresses and notes have customers fearing for their physical safety, not just online fraud.
E-commerce giant Coupang just confirmed one of South Korea’s biggest data leaks. It affects a staggering 33.7 million people.
The breach came to light after the company received anonymous threat emails. Now, a nation reliant on its “Rocket” delivery is scrambling to check the dark web.
A Breach Revealed by Threats
Coupang’s CEO, Park Dae-jun, apologized on the company’s website, calling it a serious breach. For many, though, it’s just another entry in a long list of data leaks from big Korean companies. This incident follows a familiar, concerning pattern, such as the massive 1.59TB client data breach at a major South Korean law firm that resulted in significant regulatory fines.
But there’s a twist. Police confirmed Coupang got anonymous emails before the public knew. The messages threatened to disclose the massive data breach. They warned Coupang to improve security but made no financial demands.
Investigators believe the suspect is a former Coupang employee who worked on the company’s authentication systems. Coupang has reported the matter to the authorities, and investigations are now in progress.
Investigators are checking server logs, and they are also working with overseas authorities to track down whoever’s behind the leak.
They are also checking whether the suspect has sold any of the stolen data, which has become a common fate for corporate data in the thriving dark web economy, as recently seen with logins from the UK’s biggest companies flooding dark web markets. So far, no one has reported secondary crimes like phishing.
Stolen Data Sparks Anxiety & Fear of Physical Safety
Millions of individuals affected by the leak realistically experience anxiety and fear for their personal safety. We’re talking about names, phone numbers, and delivery addresses—all out in the open.
Coupang insists that payment details and passwords are still intact and safe, but honestly, a lot of customers just aren’t buying it, especially given the high demand for Korean financial data, as evidenced by the recent 168% surge in stolen Korean credit card prices on dark web markets.
The real fear for many involves delivery instructions. People often put apartment building entry codes in the delivery request box. They manage those codes as delivery information.
“If the joint password is exposed, anyone can enter the apartment,” said one Seoul resident. They asked their building manager to change the code immediately. Others are angry that their parents’ home addresses were exposed.
Online, complaints are flooding in. One user said personal information feels like a “public good” now. Another wondered if they should switch to a different shopping platform entirely.
Other customers reported that their company and parents’ home addresses were exposed. They fear this data could be abused for crimes.
The breach’s scale is daunting. Coupang had 24.7 million active users last quarter. The 33.7 million breached accounts include inactive ones, too. This suggests a huge portion of the country’s population is affected.
The National Fallout and What to Do Now
The South Korean government quickly held an emergency meeting. The Minister of Science and ICT said they are investigating Coupang. They are checking if the company violated personal information protection rules.
Security experts are giving direct advice to the public. Professor Hwang Seok-jin of Dongguk University warned against becoming calm about constant leaks.
He recommends that people change their passwords regularly. He also advises blocking small mobile payments. Using functions to prevent overseas credit card payments is crucial, too.
For Coupang users, the advice is immediate – to avoid further damage, it’s advisable to change the password you used on Coupang or on any other website where you have used the same password.
Also, if allowed, turn on two-factor authentication on all your accounts – it’s a great way to add an extra layer of security.
For many, the tedious work has already begun. One user complained it took all day to fix accounts. They had used the same password on many sites as their Coupang account.
This breach has broken the trust millions place in a service they use daily, forcing customers to check the dark web and reset their passwords. All eyes are on the police investigation to provide answers and accountability.
