Three quarters of South Korea popped in online gaming raids

Records used to plunder game items, sold off to low lifes

7 Reg comments Got Tips?

Three quarters of South Korea's population have been compromised in a massive data breach affecting 27 million people.

The nearly incomprehensible breach was revealed when 16 individual were arrested after selling the records relating to victims aged between 15 and 65 years-old.

The records included names account logins including passwords and resident registration numbers pilfered from various online services and game sites, Korea's Joongang Daily reported.

Police estimated the breach caused in secondary damages alone nearly $2m after one criminal dubbed "Kim" bought the huge credential cache from a Chinese cracker.

Kim bagged almost $400,000 by hacking six online games using the details and gave the Chinese cracker a $130,000 cut.

The buyer used the creds to steal items from gaming accounts and sold off to other players. They were said to have used a hack tool dubbed "extractor" that would log into user accounts and pilfer the loot.

Whenever passwords were incorrect, Kim would buy user information from South Korea identity cards and issue dates from a dodgy mobile phone provider in order to change the login information.

The unscrupulous Kim also sold off the personal information to mortgage fraudsters and illegal gamblers for less than 30 cents a pop.

Those low value sales led to $2m in damages, police estimated.

The location of the buyers was not detailed in the report.

Seven suspects including the Chinese cracker were being sought by police.

The breach was bad, but not as damaging as the South Korea Mega Hack™ in which 35 million people in the country were exposed after social media site Cyworld and the Nate portal were popped.

That attack exposed names, phone numbers and email addresses among other records.®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020