in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Security: Korea's MapleStory (Nexon) Gets Hacked, Second Largest SK Breach

South Korea has seen another massive data breach less than three months after its largest breach ever (Cyworld).  A backup server for MapleStory, an MMPORG particularly popular among teens and people in their 20s, was hacked.  Hackers made off with information for 13.2 million South Koreans.  Although MapleStory is a popular game around the world, this latest breach affected Koreans only.

Nexon, the company that runs the game, has gone public with the breach, apologized, and recommended that people change passwords.

Breach Timeline, Details

After compiling the information from numerous sources, it looks like the hack and its aftermath progressed in the following way:

  • NOV 18 - Backup server for MapleStory is hacked
  • NOV 21 - Nexon suspects hack
  • NOV 24 -  Forensics completed, hack confirmed
  • NOV 25 - Korea Communications Commission notified of the breach; Nexon goes public with the story

The breach affects 13.2 million game subscribers out of a total 18 million.  Again, only South Koreans' information was breached.  This breach is ranked the second largest in Korea, the largest being the Cyworld breach from three months ago.

Stolen information includes account IDs, names, and encrypted resident registration numbers and passwords (I assume that the passwords were, technically, hashed, and not actually protected with encryption).

Nexon also collects bank account numbers and other related information (for buying in-game items), but the company clarified that such data couldn't be breached because a third-party company takes care of such details.

The government is investigating the incident, of course.  According to an unnamed government source, there are similarities to the Cyworld hack from three months ago.  Unlike that case, however, the hackers' IP addresses were domestic.  The Cyworld incident was tied to Chinese IP addresses.  At least one media outlet has claimed that this hack was an instance of an advanced persistent threat, where a company is targeted and attacked until the attack is successful.

Criticism

As breaches go, a 7-day turnover from initial breach to public notification is not a particularly slow one.  In fact, it's pretty fast.  Yet, the Korean social media-sphere (or whatever terminology is being used nowadays) is slamming Nexon for being slow.

It sort of reminds me of the Sony PS3 network breach: in that case, Sony had gone public in 8 days or so, and the on-line community's reaction had been about the same.

Plenty of people are showing signs of "breach fatigue". There are more than a handful of instances where the reaction is a "meh, what's new?"

A more germane criticism is that Nexon continued to promote, throughout the week, the advertisement of limited edition virtual items (to go on sale between Nov 24 and Dec 15) for the MapleStory game even as the company was conducting their forensic investigation.  The company chalked up the incident as an oversight due to the personnel being focused on the breach, at the expense of everyday operations.

Personally, I can understand that buying/selling such "items" didn't really pose a problem.  After all, it was a backup server that was hacked, and, again, money issues are handled by a separate company that hasn't been hacked.  From a public relations point of view, though, I've got admit that it's a bit unusual.  I can only imagine that people in marketing weren't made aware of the hack until the company decided to go public with the information, in an attempt to control the message.


Related Articles and Sites:
http://www.koreatimes.co.kr/www/news/biz/2011/11/123_99573.html
http://news.sbs.co.kr/section_news/news_read.jsp?news_id=N1001032800 (Korean)
http://news.sbs.co.kr/section_news/news_read.jsp?news_id=N1001032873 (Korean)
http://news.inews24.com/php/news_view.php?g_serial=620850&g_menu=020200 (Korean)
http://news.jkn.co.kr/article/news/20111126/3591918.htm (Korean)

 
<Previous Next>

Data Encryption Software: Southwark Council Avoids Penalty

Laptop Encryption Software: UK MoD Lost Over 150 Laptops In 18 Months

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.