Original URL: http://www.theregister.co.uk/2014/03/27/south_korea_naver_hack_arrest_25_million/

Naver raver charged over 25 MEEELLION account breach palaver

£90,000 heist made possible after South Korean portal yields its secrets

By Phil Muncaster

Posted in Security, 27th March 2014 07:33 GMT

A 31-year-old South Korean has been charged with using stolen personal information to hack the online accounts of 25 million users of the country’s popular Naver portal.

The Asian nation’s National Police Agency said the suspect purchased the data – including names, addresses, internet IDs and passwords – back in August last year, according to the Korea Herald.

The man, surnamed Seo, apparently then used the details to hack the accounts and send out spam messages and other “illicit emails”, the content of which is not mentioned in the report.

Seo is said to have made 160 million won (£90,000) worth of ill-gotten gains.

Also nabbed was a hacker by the name of Hong who developed information slurping malware. Some of the personal info he lifted from Naver subscribers was apparently used by Seo to log-in to the accounts.

The police charged three accomplices of Seo and are broadening the investigation to 86 others who are said to have bought malware developed by Hong.

For the record, a Naver spokesman distanced the company from the attack, telling the paper that the problem was down to the ready availability of personal info on the black market in Korea and not the fault of the internet giant.

He’s got a point. South Korea has seen a spate of high profile mega-breaches of late, exposing the data of tens of millions of locals.

Earlier this month account information belonging to 12 million customers of telco KT Corp was half-inched.

In January it emerged that the personal details of around 20 million people may have been breached after an employee at the Korea Credit Bureau was arrested on suspicion of selling the data to marketing firms.

However, the biggest so far was the attack on social site Cyworld and the Nate web portal, which exposed personal details on as many as 35 million users. ®