Kakao slapped with record $11 mn privacy commission fine
이 글자크기로 변경됩니다.
(예시) 가장 빠른 뉴스가 있고 다양한 정보, 쌍방향 소통이 숨쉬는 다음뉴스를 만나보세요. 다음뉴스는 국내외 주요이슈와 실시간 속보, 문화생활 및 다양한 분야의 뉴스를 입체적으로 전달하고 있습니다.
The Personal Information Protection Commission (PIPC) held a plenary meeting on Thursday and decided to impose a fine of 15.1 billion won and an additional penalty of 7.8 million won on Kakao for violating personal information protection obligations by exposing vulnerabilities in the open chat rooms.
The fine on Kakao is more than double the previous highest fine of 7.5 billion won for Golfzon.
The investigation by the PIPC began in March 2023, following reports that KakaoTalk open chat users’ personal information was being illegally traded. Advertisements offering to extract the real names and phone numbers of participants in open chat rooms were found on a website that trades online marketing programs.
According to the PIPC, hackers found users’ temporary username in the open chat rooms, then used KakaoTalk’s “add friend” feature and illegal hacking programs to obtain their member serial number alongside other information. This data were combined to create personal information files which were then sold on platforms like Telegram.
“We confirmed that information of 696 open chat room users were posted on a specific site, and that hackers accessed at least 65,719 personal information records,” according Nam Suk, director-general for investigation and coordination at the PIPC.
The PIPC concluded that Kakao did not encrypt the temporary IDs of participants in the open chat service, making it easy to identify the member serial numbers, and the inclusion of regular chat member serial numbers in the temporary IDs was pointed out as a significant cause of the data hack.
Kakao also failed to thoroughly inspect and address the potential for personal information leaks even after various malicious activity methods using KakaoTalk’s application programming interface (API) surfaced in developer communities.
For its part, the company argued against the commission’s claim of violating safety measures by not encrypting temporary IDs. “The member serial number and temporary ID are numeric strings that do not contain any personal information and thus cannot be used to identify individuals,” it said. “The service serial numbers generated by the business operator are not subject to encryption under the relevant laws, so not encrypting them should not be considered a legal violation.” Kakao also clarified that it had encoded temporary IDs for operation and management since August 2020 and applied stronger encryption to open chat rooms created afterwards.
Regarding the sale of information combined with the member serial number by hackers, Kakao said that “the other information used was not leaked from our side.”
“It was independently collected by hackers through illegal means and should not be considered when judging our compliance,” it added.
Copyright © 매일경제 & mk.co.kr. 무단 전재, 재배포 및 AI학습 이용 금지
- 김호중 소주 10잔 정도 마셨다더니…업소 직원 ‘충격진술’ 혼자서만 - 매일경제
- 20%대 역대 최저 지지율에…조기 선거 승부수 꺼낸 ‘이 남자’ - 매일경제
- “설마 했는데, 결국 현실 됐다” 직장인 소득 마이너스…1분기 가구 실질소득 7년來 최대폭 감
- “뇌출혈 장기입원해도, 암진단 받아도 보험금 못줘”…당당한 보험사 왜? - 매일경제
- 사고 전 비틀대며 차량 탑승…김호중 CCTV 확보한 경찰 ‘만취 판단’ - 매일경제
- 유인촌, 민희진 방시혁 분쟁·김호중 사건에 “걱정도 되고 실망도” - 매일경제
- [단독] SKC, 미국서 보조금 1000억 받는다…한국 반도체 소부장 최초 - 매일경제
- 가수 이문세가 왜 거기서 나와?…윤 대통령 李 부부와 만남 포착 - 매일경제
- “韓평균임금 5만달러 육박, 日과 격차 더 벌렸다” ...대·중기는 2배 차이 - 매일경제
- 3골->12골 환골탈태 황희찬, 2023-24 EPL에서 가장 발전한 선수 4위 선정 쾌거! - MK스포츠