SK Communications Co. said on Thursday that personal information of its 35 million online users has been hacked, marking South Korea’s worst online security breach and sparking fears that the leak could lead to massive online and voice scams in coming weeks.

“The company has confirmed that a leak of customers’ information has taken place due to hacking on July 26,” SK said in a statement. “The specific scale of the hacking is still being investigated, but it is estimated that some of the personal information of 35 million Nate and Cyworld members have been leaked.”

Nate is the country’s third-most visited Web search engine and Cyworld is the biggest social networking site with 25 million users, which accounts for half of the South Korean population.

SK Communications, which runs Nate and Cyworld, is a unit of the SK Group whose affiliates include top mobile operator SK Telecom.

Police said they would launch an investigation into the hacking incident at SK. The Cyber Terror Response Center, a police division dealing with crimes in cyberspace, is expected to identify who committed the hacking.

SK Communications said the hacking originated from a malicious code in China, an allegation that has yet to be verified by police investigation.

The hacking of the country’s major website comes after a host of Korean online firms suffered from similar cyber attacks amid heightened worries over lack of security protection. A vicious cyber attack paralyzed the computer system of the National Agricultural Cooperative Federation, or Nonghyup, in April and 18 million users of Internet Auction Co., a unit of U.S.-based eBay Inc. had to change their password due to a security breach in 2008.

The latest hacking involves SK users’ names, phone numbers, email, resident registration numbers and passwords. SK Communications said the members’ password and resident registration numbers are protected through high-level encryption, but plan to set up a hotline for handling the hacking incident to stem secondary damage in the form of voice phishing and spam mail.

As with previous hacking incidents, Cyworld and Nate members are likely to receive more spam messages or fake calls from phishing firms.

SK Communications CEO Joo Hyung-chul issued a formal apology on Thursday: “Concerning this incident, we offer our apology to our customers and have taken all the necessary measures to minimize the impact and identify the cause and retrieve customer information in cooperation with the authorities.”

Particularly worrisome is the security breach for Cyworld, the country’s most popular social network service, a pioneer that had sparked the boom of photo-sharing among friends and family members. Although Cyworld has seen its popularity decline in the past couple of years, particularly with the introduction of foreign social services such as Twitter and Facebook, the local service still handles a huge amount of data including personal photos, videos and articles generated by its 25 million users.

Nate is a latecomer in the portal service market, but it has risen to rank third here, intensifying its competition with its bigger rivals Naver and Daum. The hacking of Cyworld and Nate, considering the size of the subscriber base at both services and their close integration with mobile phone services of SK Telecom, is expected to have a strong impact on the companies involved.

Shares of SK Communications, listed on the tech-heavy KOSDAQ stock market, plunged 5.95 percent to 17,400 won. Its sister firm SK Telecom saw its share price drop 2.64 percent to close at 147,500 won.

By Yang Sung-jin (insight@heraldcorp.com)

<한글기사>

네이트ㆍ싸이월드 회원 3천500만명 정보 유출

네이트와 싸이월드 회원 3천500만명의 개인정보 가 해킹으로 유출된 사실이 뒤늦게 확인됐다.

SK커뮤니케이션즈는 지난 26일 외부 해킹으로 네이트와 싸이월드 회원 3천500만명의 고객 정보가 유출된 사실이 있다고 28일 밝혔다.

네이트와 싸이월드의 전체 회원 수는 각각 2천500만명과 3천300만명이다.

아직 정확한 유출 규모는 파악되지 않았으나 현재까지 확인한 유출 정보는 ID와 이름, 휴대전화 번호, 이메일 주소, 비밀번호, 주민번호 등이다.

SK컴즈는 주민번호와 비밀번호는 암호화돼 있어 유출되더라도 사용할 수 없다고 강조했다.

SK컴즈는 이번 고객정보 유출이 중국발 IP 악성코드에 의한 것으로 수사기관 및 관계기관에 조사를 의뢰했다고 밝혔다.

또 유출된 개인정보가 전화금융사기나 스팸메일 등으로 악용되는 것을 막기  위 해 전 사용자를 대상으로 이메일 고지를 하고 전화금융사기 및 스팸메일 차단  프로 그램을 신속히 운영하겠다고 밝혔다. (연합뉴스)