FSS inspects Payco’s signature key leakage case

입력 2022. 12. 7. 22:28
글자크기 설정 파란원을 좌우로 움직이시면 글자크기가 변경 됩니다.

이 글자크기로 변경됩니다.

(예시) 가장 빠른 뉴스가 있고 다양한 정보, 쌍방향 소통이 숨쉬는 다음뉴스를 만나보세요. 다음뉴스는 국내외 주요이슈와 실시간 속보, 문화생활 및 다양한 분야의 뉴스를 입체적으로 전달하고 있습니다.

Tech giant NHN’s mobile financial service Payco (Payco)

South Korea’s top financial watchdog on Tuesday launched an on-site inspection of NHN’s mobile payment service Payco after news that its signature key was leaked broke the day before.

This key is a tool that app developers use when registering and distributing their apps on app stores. It certifies that an app is developed by a certified company—in this case, Payco. Apps that used this signature key are considered safe and not detected as malicious by security programs.

Back in August, Payco found out that its key was leaked, but did not make any public announcement about the issue.

The leakage was revealed on Monday when security solution company Everspin sent out a notice to its clients, including KB Kookmin Bank and NH Nonghyup Bank, warning them to be careful of downloading malicious apps that may be developed and distributed with Payco’s leaked key. The security solution company also added that it has detected 5,144 apps that are created with the leaked key between Aug. 1-Nov. 30.

The financial watchdog will mainly look into whether there was any managerial liability on Payco’s part that led to this leakage. If the payment service is found to be responsible, there will be a further inspection conducted by the FSS.

The FSS also warned customers only to download apps from official app markets and not access them through URL links that are spread through channels like social media.

Meanwhile, the NHN on Wednesday apologized to its service users, adding that it is cooperating with a security solution company to monitor apps that were created with the leaked key and looking for a way to classify them as malicious apps.

The company added that it finished updating its service using a new signature key as of Tuesday night.

The payment service provider also said that there are not any victims from this leakage incident so far, and stressed that no personal information of its clients had been leaked.

By Song Seung-hyun(ssh@heraldcorp.com)

Copyright © 코리아헤럴드. 무단전재 및 재배포 금지.

이 기사에 대해 어떻게 생각하시나요?