Editions

ENGLISH

User Data Stolen From Top Auction Site and Sold

한국어

User Data Stolen From Top Auction Site and Sold

Posted April. 21, 2008 04:39,

User Data Stolen From Top Auction Site and Sold. April. 21, 2008 04:39. sukim@donga.com teller@donga.com.

User data leaked from Auction.co.kr has been put up for sale on Chinese Web sites, raising alarm over potential damage from voice phishing or spam e-mail.

The personal information of 10.81 million users was stolen from the popular online shopping site in Korea.

A posting titled, Buy Naver, Auction IDs at a good price, was found on the China-based Internet portal site O2SKY. The posting was put up April 11 before being deleted nine days later, offering the e-mail address and phone number of the seller.

O2SKY is a Jilin-based site for ethnic Koreans in China run by the Yanbian autonomous prefecture branch of China Netcom.

Industry sources say the personal data of Auction users stolen in February are now being traded online.

A police source said, Weve never heard of O2SKY, but we have confirmed the Auction user names are being sold on other Chinese portal sites.

The source said it is still unclear if the leakage in February led to the ID trade. Korean police say they will cooperate with Chinese authorities in the investigation.

Police said the hacking was initiated in China and that the stolen information is thus likely to be put up for sale on many Chinese Web sites.

An online community of the victims has some 270,000 members. Some 1,500 postings have reported voice phishing attempts and spam mail since March 6.

One woman posted on the communitys message board Thursday, A man called me to tell me my brother was hurt and to send him 30 million won immediately. He knew the name of my brother.

I checked with Auction and it turned out that the personal information about me and my brother had been stolen.

An Auction source said the sites passwords are coded and thus the theft of user information is unlikely to lead to other crimes. The source also ruled out compensation to the victims unless voice phishing or spam mail is proven to be the direct result of the leakage.