Coupang, which suffered a data breach affecting 33.7 million customers, is now facing claims that former employees accessed company information through internal messenger accounts even after resigning. This directly contradicts CEO Park Daejun's statement that "departed employees' access rights are immediately revoked."

Getty Images

원본보기 아이콘

According to The Asia Business Daily's coverage on December 3, former Coupang employees were able to check meeting details and work-related conversations for several months after leaving the company via their internal Slack messenger accounts. Due to the company's active remote work environment, business was conducted through Slack, and the accounts remained active even after resignation, allowing access to colleagues' conversations. A former Coupang employee stated, "There were internal security vulnerabilities," adding, "Some contract workers' Slack accounts remained active for a considerable period after leaving, enabling them to access company chat rooms and review internal discussions."

Daejun Park, CEO of Coupang, attended the current issues inquiry at the National Assembly Science, ICT, Broadcasting and Communications Committee plenary meeting on the 2nd and responded to questions. On the right is Brett Mattis, CISO of Coupang. Photo by Hyunmin Kim

원본보기 아이콘

A Chinese national who worked as a Coupang security authentication developer resigned in December last year but managed to steal the personal information of 33.7 million accounts between June 24 and November 8, 2025. This has led to criticism that Coupang failed to follow even the basic procedure of “deactivating internal accounts of departed employees.”

In response, CEO Park explained during the emergency current issues inquiry at the National Assembly Science, ICT, Broadcasting and Communications Committee the previous day that "departed employees' access rights are immediately revoked." Coupang maintains that the developer did not access the data using a company account or permission, but rather stole a core signing key during employment and used it to extract customer information.

However, considering that Slack accounts of former employees were actually maintained for a long period, there are concerns that the attacker may have obtained clues to access the internal security system even after resignation.

Getty Images

원본보기 아이콘

Given Coupang's large remote workforce, the company should have strengthened online access controls, but it is being criticized for failing to follow basic security procedures. When customers log in, Coupang issues a kind of "access card (token)" that is verified using the company’s "seal" (signing key). The attacker used this seal to generate fake tokens externally and gain access to customer accounts. Brett Mattis, Coupang's Chief Information Security Officer (CISO), also stated, "It appears the attacker used IP addresses from various sources to extract data," adding, "Because the volume did not exceed our system's threshold, it seems the breach went undetected."

Although Coupang has an "abnormal transaction detection system (FDS)" that analyzes users’ access patterns, times, IPs, and device changes in real time to detect suspicious activity, it failed to catch even basic warning signs such as abnormal access and mass token generation. Kim Seungjoo, Professor at Korea University’s Graduate School of Information Security, said, "If the FDS had functioned properly, it could have prevented an insider from accessing the electronic signing key and mass-producing authentication tokens in advance," and added, "I believe the anomaly detection system was generally too weak."

Unlike typical hacking incidents, this breach stemmed from poor insider management, raising concerns about secondary damage. Assemblyman Kim Jangkyum of the People Power Party pointed out during the inquiry, "Since the method used in this breach did not involve a company account but rather accessed the system like a Coupang service user, if IDs and passwords were leaked, couldn’t this allow access to Naver or other e-commerce accounts as well?" Professor Kim responded, "If Coupang's insider management is inadequate and IDs and passwords are leaked, such scenarios are indeed possible."