Cyber Incident Victim: Naver
Date: Aug 2014
Location: South Korea
Summary
A cyberattack targeting South Korea's largest web portal involved stolen personal data of 25 million users, including names, national identification numbers, login credentials, and passwords. The primary suspect purchased this information from a third party and utilized automated hacking tools developed by an accomplice to compromise accounts. Attackers disseminated spam and illicit emails through breached accounts, generating approximately $148,000 in illegal profits. Law enforcement apprehended the two central figures—the data purchaser and the hacking tool developer—alongside three accomplices, while expanding investigations into 86 additional individuals who acquired the malicious software. The affected company acknowledged the external origin of the data breach but denied systemic security failures, emphasizing the broader issue of readily available personal information and recommending password rotation as a mitigation strategy.
Description
In March 2014, South Korean authorities apprehended a 31-year-old suspect surnamed Seo for orchestrating a large-scale attack on Naver, the country’s largest web portal. Seo had purchased stolen personal data of 25 million individuals from a Korean-Chinese supplier in August of the same year, acquiring names, residential registration numbers, internet IDs, and passwords. Using this information, Seo systematically hacked into Naver accounts to distribute spam messages and illicit emails, generating approximately 160 million won ($148,000) in illegal profits. The National Police Agency disclosed that Seo’s operation relied on automated hacking tools developed by a self-taught programmer surnamed Hong, whose software enabled brute-force login attempts by entering stolen credentials en masse. Hong’s programs facilitated the extraction of additional account information, which was then funneled back to Seo for further exploitation. Law enforcement arrested both Seo and Hong, while three accomplices were indicted without detention. The investigation expanded to include 86 individuals who had purchased Hong’s hacking tools, highlighting the broader network involved in the attack.

Naver confirmed the compromise of user accounts but attributed the breach entirely to external data theft, emphasizing that its systems were not directly compromised. A company official stated Naver lacked technical measures to prevent account takeovers stemming from third-party data leaks, shifting responsibility to users by advising regular password changes as the primary mitigation strategy. The official explicitly denied any negligence on Naver’s part, framing the incident as symptomatic of systemic issues enabling widespread access to personal information rather than a failure of its security infrastructure. The attack impacted millions of users through unauthorized account access and spam propagation, though Naver did not disclose specific operational disruptions or financial losses incurred by affected individuals. Police efforts focused on dismantling the supply chain of stolen data and hacking tools, with no further details provided about victim remediation or long-term legal outcomes for the perpetrators.
