Hacked user data from Coupang could be used for scams, identity theft: Authorities
![A text from Coupang informs a customer that their data has been leaked, on Nov. 30. [KIM HYUN-DONG]](https://img4.daumcdn.net/thumb/R658x0.q70/?fname=https://t1.daumcdn.net/news/202512/01/koreajoongangdaily/20251201070238503nuuo.jpg)
Roughly 33.7 million Coupang user accounts were affected in a massive data breach, raising concerns over potential secondary crimes, including phishing scams and identity theft.
Coupang disclosed on Saturday that personal information from approximately 33.7 million customer accounts had been leaked without authorization. The compromised data includes names, phone numbers, delivery addresses, email addresses and some order details.
A Coupang spokesperson stressed in a phone call that “payment information, credit card numbers and login passwords were not leaked and remain securely protected," but authorities and experts warn that even limited personal data can be used in various types of fraud, such as text messaging fraud and voice phishing, stock trading scams, account takeovers and credit or identity fraud.
On Saturday, the Ministry of Science and ICT, the Personal Information Protection Commission and the Korea Internet and Security Agency (KISA) issued a nationwide security alert, urging the public to beware of fraudulent messages promising refunds or compensation and attempts to trick users into installing remote control programs on their phones or computers.
On social media and online forums, users have voiced anxiety over secondary risks. Some said they were proactively changing their personal customs clearance codes — unique ID numbers required for overseas purchases — or quitting the platform altogether. Others raised concerns that, because Coupang delivers directly to customers' doors, even shared entry codes to buildings may have been compromised.
Experts advise that users immediately change any data that can be updated. KISA said that once account data is leaked, it is often sold and misused repeatedly without the user's knowledge. One common method is credential stuffing — a cyberattack where stolen usernames and passwords are tested on other sites to hijack accounts.
![Coupang headquarters in Songpa District, southern Seoul, is seen on Nov. 30, a day after the company announced that data from 33.7 million customer accounts has been leaked. [WOO SANG-JO]](https://img1.daumcdn.net/thumb/R658x0.q70/?fname=https://t1.daumcdn.net/news/202512/01/koreajoongangdaily/20251201070240073xfji.jpg)
“Attackers could combine the information leaked from Coupang with details from previous breaches, like the one at Lotte Card in August that included card numbers, PINs and resident registration numbers,” said Youm Heung-youl, a professor of cybersecurity at Soonchunhyang University. “Anyone using the same password across Coupang and other online services should change all of them immediately and enable two-factor authentication where possible.”
Hwang Suk-jin, a professor at Dongguk University’s Graduate School of International Information Security, warned that phone numbers may be used by criminals to add users as friends on KakaoTalk, download profile images and even create deepfake content.
Others said users should immediately change any address-related details, including entry codes to apartment buildings. Kwon Hun-yeong, a professor at Korea University’s Graduate School of Information Security, said, “Coupang’s service is integrated across online and offline operations. If this data falls into the hands of criminal networks, it could lead not only to phishing but also to stalking and other crimes.”
Posts expressing similar fears — such as “I’m afraid someone might enter behind me after I type the door code” — have appeared on local parenting forums and on X, formerly Twitter.
![A Coupang delivery truck is seen at a company garage in Seoul on Nov. 30. [YONHAP]](https://img1.daumcdn.net/thumb/R658x0.q70/?fname=https://t1.daumcdn.net/news/202512/01/koreajoongangdaily/20251201070241738stms.jpg)
To calm growing public concern, experts are calling on Coupang and government agencies to preemptively share updates on the situation and disclose additional risks transparently. “Investigations into data leaks can take more than two to three years, especially if international cooperation is lacking,” said Prof. Hwang. “During that time, it’s crucial to disclose any further leaks or secondary damage to rebuild public trust.”
Amid speculation that the breach may have been carried out by an insider with Chinese ties, some far-right online communities have spread conspiracy theories claiming that China orchestrated the attack to undermine Coupang and push users toward Chinese e-commerce platforms like AliExpress and Temu.
On Sunday, Vice Prime Minister and Science Minister Bae Kyung-hoon announced that the government will begin a three-month intensive campaign to monitor personal data exposure and illegal online distribution starting immediately.
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom. BY KIM JEONG-JAE [yoon.soyeon@joongang.co.kr]
Copyright © 코리아중앙데일리. 무단전재 및 재배포 금지.
- Four arrested for hacking surveillance cameras to produce pornography
- Soldier gets four-month sentence for faking injury to return to unit
- More foreigners than ever staying in Korea, as numbers of seasonal workers and tourists rise
- Ulsan defender Jung Seung-hyun confirms ex-coach slapped him after footage goes viral
- Between crisis and calm: How Cambodia became two places at once
- Kim Jong-un pledges new missions, assets for air force as branch marks 80th anniversary
- Korean men's basketball breaks China losing streak with 80-76 win in FIBA World Cup qualifiers
- Coupang criticized over lax spending on security in wake of large-scale hack
- Day 1 of the 2025 MAMA Awards in Hong Kong — as it happened
- Min Hee-jin emphasizes support for DP after allegations she told ADOR employees not to vote for party