Financial Supervisory Service Conducts On-Site Inspection of Gmarket Unauthorized Payments... Secondary Damage Concerns Widen After Coupang Incident

Financial supervisory authorities have launched an emergency on-site inspection in response to the unauthorized mobile gift card payment incident involving Gmarket. Concerns are mounting over potential secondary damages such as identity theft following the cyber incident.

View original image

On November 29, the same day Coupang disclosed a large-scale data breach, an unauthorized mobile gift card payment incident occurred at Gmarket.

According to the financial sector on December 3, authorities are conducting an on-site inspection after more than 60 Gmarket users reported unauthorized payment incidents.

An official from the Financial Supervisory Service stated, "The company claims that the unauthorized payments were not due to hacking, but rather through account information stolen externally. We are working to verify the actual facts and will also check whether victims are being properly compensated."

It has been reported that the incident occurred when gift cards were purchased using cards registered with Gmarket's simple payment service, SmilePay. The individual damages range from 30,000 to 200,000 won.

Gmarket explained that its internal network was not hacked, but rather that customer information leaked externally was used to randomly access and log in to Gmarket.

If, as the company claims, this was not a hacking incident, the route through which the simple payment passwords and other credentials used for unauthorized payments were leaked is expected to become a key issue.

In particular, since the payment incident at Gmarket occurred on the same day Coupang announced its large-scale data breach, there is speculation that personal information leaked from Coupang may have been misused.

Gmarket posted a notice the previous day, stating, "Due to personal information security incidents at other companies, the risk of secondary damages such as identity theft and phishing is increasing," and recommended users to change their login passwords.

The company also strengthened identity verification procedures for the purchase of cashable items such as gift cards.

The Financial Supervisory Service has also begun an on-site inspection of Coupang Pay, Coupang's fintech subsidiary, to check whether payment information was leaked and to assess its information management practices.

Whether Coupang Pay's payment information was also leaked externally is a key focus of the investigation.

With a series of security and payment incidents occurring, there are growing calls to conduct a comprehensive inspection of major e-commerce and simple payment service providers.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.