Feb 10 2008

Chinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr

Published by at 7:20 pm under Hacking for money

According to Hackbase.com, South Korea’s oldest and largest online shopping site (Auction.co.kr) has claimed it was attacked by a Chinese hacker who made off with the user information on 18 million members and a large amount of financial data. It is further claimed that Auction.co.kr delayed 20 hours after the attack before comfirming the loss of information. Korean users rebuked the website for being too slow to act. It was confirmed that the attack was launched through China’s internet.

Auction.co.kr also confirmed that after the incident, they received a phone call offering to exchange the user information for money.

The Chinese hacker did not directly attack the server, instead s/he took a roundabout strategy. The hacker sent out bulk e-mailings to the auction staff containing “hacker procedures” (I’m guessing this means with Trojans attached). When the staff members confirmed the e-mails, the hacker was able to gain their IDs. The hacker was then able to login to the Auction server using the staffer’s ID.

7 responses so far

7 Responses to “Chinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr”

  1. Eastwoodon 10 Feb 2008 at 9:29 pm

    Looks like Chinese hackers really rely on social engineering. Perhaps that the most effective approach for them?

  2. Heikeon 10 Feb 2008 at 10:31 pm

    I seem to remember reading a story by Kevin Mitnick that said hacking was really about making the other person believe you were someone you were not.

    The Chinese hackers seem to have taken this to heart and developed it into a science. It also goes back to their beginnings and the first programs they used based off Cult of the Dead Cows’ Back Orifice program.

  3. [...] Korea’s oldest and largest online shopping site, Auction.co.kr, has reportedly claimed it was attacked by a Chinese hacker who made off with the user information [...]

  4. Kevinon 18 Feb 2008 at 8:09 am

    Korea Auction (auction.co.kr) is an ebay(US) company.

  5. Heikeon 18 Feb 2008 at 8:51 am

    Kevin,

    Was it finally bought out by eBay? Didn’t really do much research on the company and the only article I saw was an old one in 2001 that said it was a joint-venture, with eBay holding majority stake.

    http://investor.ebay.com/releasedetail.cfm?ReleaseID=30278

  6. [...] Full post from the Dark Visitor (interesting site), here. [...]

  7. [...] linked to this article indicating that the hackers responsible for compromising the Korean auction site several months ago have been arrested in the PRC.  The article goes on to describe some interesting details such as: [...]