27 Million South Koreans Victimized In Online Gaming Heist

  /     /     /  
Publicated : 22/11/2024   Category : security


27 Million South Koreans Victimized In Online Gaming Heist


16 suspects arrested in South Korea as authorities pursue additional suspects, including a Chinese hacker.



South Korean authorities are investigating a massive and widespread breach of personal information on some 27 million online gamers in that nation in what a report there says makes up more than 70% of South Koreas population of people between the ages of 15 and 65.
According to
a report by Koreas JoongAng Daily
, the South Jeolla Provincial Police Agency has arrested a 24-year-old man with the last name of Kim, who acquired names, registration numbers, account names, and passwords on the 27 million victims, from a Chinese hacker he met in 2011 in an online game. They have arrested 15 other suspects as well, and are pursuing more.
Kim allegedly used the stolen credentials and information to pilfer hundreds of millions of
won
, equivalent to around US $400,000, in online gaming currency from six online games in Korea. He gave a cut to the Chinese hacker, according to the report, and sold some of the stolen information to others in the black market.
Online gaming is wildly popular in South Korea, so its no surprise cyber criminals would target that community, says Adam Kujawa, head of malware intelligence at Malwarebytes.
Its unclear whether the gamers credentials originally were stolen via a drive by attack on the gaming websites, or if the hacker who grabbed them used a password-cracking tool, he says. They could have been testing known passwords and usernames, and had a tool that automatically tries to log in using these credentials. Once they worked, they were able to steal money.
Or the attackers used a key logger to sniff the credentials when the victims logged in, says Kujawa.
Regardless, two-factor authentication would have kept the accounts safe from this scam, with a temporary one-time password, for example, he says. I think two-factor authentication should be required for gaming. The online gaming community sometimes offers incentives to get users to configure their accounts for two-factor, such as free in-game special items for users who register for two-factor authentication.
This shows how easy it was for these attackers to exploit gamers, Kujawa says. I think it was fairly significant and an eye-opener... The population of people playing [online gaming] is growing, therefore so is the population for potential victims.
Kim reportedly sold some of the stolen information to mortgage fraudsters and phony gambling advertisers as well, and made billions of wons worth of fraudulent transactions.
South Korea has had its share of data breaches: Earlier this year, an employee of the Korea Credit Bureau allegedly stole personal information on some 20 million citizens, and in 2011, personal information of some 35 million users of a social network and search engine was exposed. 

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
27 Million South Koreans Victimized In Online Gaming Heist