Coupang Data Breach: An Inside Look at the Incident
In a recent development of a data breach involving Coupang, a former employee took drastic measures to cover their tracks. The individual reportedly smashed their MacBook Air and disposed of it in a river, as revealed in a December 25 update from the company.
Panic Strikes After the Breach
The sense of urgency appeared to have hit the alleged perpetrator when news outlets began reporting on the data breach. According to Coupang’s update, the individual shared details about destroying the laptop: it was placed in a canvas bag along with bricks before being thrown into the water.
Coupang collaborated with divers who were able to retrieve the laptop based on the employee’s description. When recovered, the laptop was found in the very bag he had described, along with the matching serial number linked to his iCloud account.
Customer Reassurance Amidst Investigation
In light of these developments, Coupang took to its platforms to reassure customers. The company has committed to fully cooperating with the authorities investigating the breach. They also announced a plan to compensate affected users with vouchers valued at approximately $35 (50,000 won) each to help restore customer confidence.
Scale of the Breach: Smaller Than Initially Thought
Coupang’s updates aimed to provide clarity regarding the scale of the breach. While early reports suggested that the data of over 33 million users may have been compromised—leading to the resignation of the company’s CEO—subsequent investigations revealed that the former employee had actually accessed a limited number of accounts. The company clarified that while the employee accessed the data of 33 million accounts, he retained data from only about 3,000 users and deleted it later.
Nature of the Data Compromised
The data that was retained included specific details such as names, email addresses, phone numbers, and partial order histories. In total, Coupang reported that 2,609 building entrance codes were among the accessed information. Importantly, the breach did not compromise financial information, login credentials, or individual customs numbers. Coupang emphasized that no data was transferred to third parties during this incident.
To conduct a thorough investigation, Coupang partnered with specialized firms, including Mandiant, Palo Alto Networks, and Ernst & Young.
The Perpetrator’s Confession
Coupang indicated that they identified the alleged responsible party using “digital fingerprints” and other forensic evidence. The former employee reportedly confessed and detailed precisely how he accessed the user data. He utilized an internal security key—which he had taken while still employed—to access “basic user data” across more than 33 million accounts.
The company reiterated that its findings align with the statements made by the former employee, aiming to reassure customers that, while the breach was concerning, it was not as severe as first reported. Coupang highlighted the consistency of forensic evidence with the perpetrator’s claims, further stating that there was no conflicting evidence found during the investigation.
Access and Additional Findings
The alleged perpetrator admitted to using both a personal desktop PC and the MacBook Air to gain access to Coupang’s systems, which aligns with an independent forensic investigation confirming that the breach involved these two primary devices. The former employee also surrendered his PC and four hard drives, which contained scripts utilized in the attack.
Through these revelations, Coupang is striving to maintain transparency and provide reassurance to its customers in the aftermath of this unsettling event. The company is committed to implementing measures to enhance security and prevent future incidents.
