Nexon says hacker accessed  13.2 million online game users’ information


The police are investigating the hacking of 13.2 million users of Nexon’s massively multiplayer online role-playing game Maple Story.

On Thursday, Nexon found that Maple Story’s backup server had been hacked, and personal information of 13.2 million of the 18 million registered users stolen.

The company reported the incident to the Korea Communications Commission at about 5 p.m. on Friday and requested the police to investigate the incident.

According to Nexon, the hacker gained access to names, game IDs, resident registration numbers and passwords of the 13.2 million users.

The resident registration numbers and passwords were stored in codified form, the company said.

The investigations are ongoing and police are leaving open the possibility that an insider was behind the hacking or that those responsible had inside help.

Authorities will also determine if the server has been affected by malware, and track the route the malware was implanted in the server if any such programs are found.

“The investigations are ongoing, so we can’t disclose details about the situation,” a Nexon official said. He added that the number of minors affected by the hacking cannot be disclosed and that the number of those who registered to the service using i-Pin codes instead of resident registration numbers is unknown. 

I-Pin codes allow users to register to websites without inputting resident registration numbers.

“The information concerning legal guardians of users who are under 14 years of age is not involved in the hacking as it is stored in a different server.”

Users younger than 14 are required to obtain consent from legal guardians, who are to fill in information to prove their relation with user.

The KCC said that while it is unlikely that codified information could immediately be misused, details will not be known before the system analysis is complete.

Information regarding monetary transactions including credit card and account numbers were not breached in the incident.

With 13.2 million users’ information having been stolen, this is the third-largest case of its kind.

The biggest hacking case occurred in August when servers of the portal site Nate and social networking service Cyworld were hacked, affecting about 35 million users.

The second largest information leak occurred in February 2008 when names, telephone numbers and addresses of more than 18 million people using the online trading site Auction were accessed by hackers.

By Choi He-suk (cheesuk@heraldcorp.com)