South Korea has arrested 16 suspects in connection with a multi-million-dollar fraud enabled by the theft of online gaming credentials from 72% of the country’s adult population.
The cyber criminals are believed to have used the data to steal hundreds of thousands of dollars’ worth of online game currency and commit fraud worth millions of dollars, according to reports.
Authorities said one 24-year-old suspect, identified only by the surname Kim, is believed to have obtained the online gaming credentials of 27 million South Koreans from a Chinese hacker he met in an online game in 2011.
Kim allegedly used the data to break into six online games in South Korea to steal online game currency.
He is believed to have gained nearly $400,000 worth of online currency and shared just under $130,000 with his Chinese partner.
Kim is also believed to have used the credentials to break into several online services to extract personal information about users, including bank details.
This stolen data was then sold to mortgage fraudsters and illegal gambling advertisers, who in turn caused $2m worth of losses.
The mortgage fraudsters appear to have used Kim’s information to deceive hundreds of South Koreans for over a year from 2012 to 2013.
This is the third major breach of personal data to be reported in South Korea.
In 2011, hackers broke into two of the country’s most popular social networking sites, stealing data from 35 million users of Nate and Cyworld.
And in January 2014, an IT contractor for the Korea Credit Bureau was arrested for copying and selling the personal credit card information of almost 20 million Koreans.
Amichai Shulman, chief technology officer at security firm Imperva, said the latest case proves that personal data has monetary value.
“One way or another, it seems that personal information is still relatively easy to monetise and is therefore a valuable target for hackers,” he said.
Independent security analyst Graham Cluley said none of the six Korean gaming platforms had provided any real details of how the personal data was leaked.
“While security professionals love to write about password security and how individuals can protect themselves, the onus is on the company to provide a safe and secure online environment for their gamers,” he wrote in a blog post.
In the US, the value of personal data has driven a series of data breaches at large retailers in recent months.
Data breaches have been reported by Target, Neiman Marcus, Sears and Michaels, affecting millions of US cardholders.
Earlier this month, US hospital group Community Health Systems revealed that hackers had gained access to 4.5 million patient records in a cyber attack from April to June 2014.
27 Aug 2014