Hacked identities touted for as little as 100 won apiece


The number of leaked Korean social security numbers available online is likely to skyrocket as a massive social network hacking attack left more than three quarters of the nation exposed.

A quick search using the keywords, “Korean social security numbers,” on Baidu, a Chinese Internet search engine, showed about 1.39 million results.

And sites like these offer stolen identities for as little as 100 won ($.09), complete with social security numbers, addresses, cell phone numbers and even when and what kind of credit card the owner registered for.

One link contained a document which included names and social security numbers of Korean residents here, and in just 10 days, the site was viewed over 2,200 times with the document downloaded more than 130 times. The only thing stopping certain disaster for the owners was a disclaimer on the site saying “Please only use for games, do not use it for other illegal purposes.”

Also being tossed around on these sites are Korean social security number generators, by which one can access numbers of more than 5,000 registered Korean residents.

The number of Korean identities floating in Chinese cyberspace is likely to increase as Korean corporate and government sites are being hacked regularly. The latest hacking attack, whose IP originated in China, left some 35 million users of Cyworld and Nate, both operated by SK Communications Co., open to identity theft last week.

The majority of the numbers obtained by Chinese users illegally are for less damaging purposes.

“I’m trying to use a Korean server to play games, but it says it needs a Korean social security number, but the one I have won’t work and I don’t know why,” expressed one frustrated Chinese netizen.

“There are too many Chinese people playing Korean games, and the social security numbers available online have already been used,” replied another.

Conversations like the one above are commonplace as most of the numbers are used to register accounts for Korean gaming sites, hallyu fan sites, and TV and movie sites.

One Chinese site offered detailed instructions on how to register for a Korean online gaming account, along with the numbers to register with.

And although there have yet to be formal claims of phishing or other fraud schemes in connection with the hacking at Cyworld, the possibility still lurks.

The South Korean Embassy in China has been actively pushing for the Chinese government to help in deleting leaked personal information overflowing on the Web, but its responses have been lukewarm.

“Even though one may not feel the effects of being hacked right away, becoming indifferent to the danger, voice phishing and other frauds can bring about a lot of harm,” warned a police official.

The latest attack on Cyworld is only the most recent in a string of hacking attacks, including on Nonghyup this year.

Many experts agree that websites requiring a load of information raises the risk of identity theft.

“We’re hoping to address this issue by having more users, meaning both website operators and those on the consumer side, opt for I-PIN methods when they create accounts, said Ahn Jung-eun a spokesperson for the state-run Korea Internet Security Agency.

I-PIN is short of Internet Personal Identification Number and is used to identify users without requiring them to expose their social security numbers.

By Robert Lee (robert@heraldcorp.com)