Log in

Posts Tagged ‘South Korea’

13 Million gamers exposed to data theft following a breach at Nexon

November 29th, 2011

Hack on backup server of Maple Story

We are back with another case of data theft that involves gamers IDs being stolen. We are talking about the latest breach in the gaming industry, the Nexon Security Breach.

Around 13 million gamers have been exposed to ID theft following a breach at gaming company Nexon.

The gamers information includes names, usernames, encrypted resident registration numbers and password hashes. Nexon maintains the popular online role-playing game, Maple Story. The breach was followed by a hack on a backup server for Maple Story last week. Fortunately data of the 5 million customers using other games maintained by Nexon was not breached.

According to the company’s spokesperson the incident took place on 24 November and it had informed law enforcement agencies to investigate urgently. This breach was only limited to players of the online role-playing game Maple Story. Nexon added that Maple Story is “completely independent of the service”.

The official further added that the exposed details did not include information on financial transactions or bank account numbers and had not affected overseas subscribers of the online game.

For prevention sake, the company has requested game subscribers to change passwords although the exposed data is said to be encrypted. As of today the total subscription membership of Maple Story is about 18 million. Minors are also members of this site and have a legal consent of their parental guardians. Nexon reports that “The information concerning legal guardians of users who are under 14 years of age is not involved in the hacking as it is stored in a different server.”

This breach has chosen a bad timing for Nexon as it is in the midst of planning an IPO. The IPO is planned for Dec 6.

This is what one encryption expert had to say about the case “This is unfortunately the latest in a string of attacks against gaming sites; hackers have realised that they represent a virtual treasure trove of personal consumer data,” Pauker said. “It’s time for the gaming companies to realise that security can’t be an afterthought. Good security is just as important as good graphics.”

This is a wake-up call for Nexon and it is bolstering its security policies. As a freebee it is offering game items to gamers who agree to change their passwords.

Alertsec offers data security services

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: Gamer identity theft Initial public offering IPO MapleStory Massively multiplayer online role-playing game Nexon NEXON Corporation Online game South Korea

Data breach leaves 35 million South Koreans in a lurch

August 2nd, 2011

Cyworld hit by hackers last Thursday

Headline

There was a hacking attack on Nate and Cyberworld, companies run by SK communications.

About SK

SK Communications operates the Cyworld social-networking site and the Nate portal site.

Cyworld is the biggest social-networking site with 25 million users and Nate is the third most popular Web search engine. A hotline is being set-up to help people deal with spam and from becoming a victim of phishing scams that could arise from this massive data breach.

Cyworld is very popular with the young generation in South Korea. It did try to compete with Facebook and MySpace but failed to gather users. Hence was pulled out from the competition in 2010. The site is gaining popularity in Vietnam and China, though.

The story in detail

According to a statement by SK “The company has confirmed that a leak of customers’ information has taken place due to hacking on July 26,. “The specific scale of the hacking is still being investigated, but it is estimated that some of the personal information of 35 million Nate and Cyworld members has been leaked.”

Personal data including names, addresses, phone numbers, registration details were accessed by computers in China. The IP addresses were tracked down to China and malicious software was used for hacking.

China has been in the news in the past few months for various global cyber-attacks. There’s a strong possibA recent breach of Google’s Gmail service is thought to have originated from the country. Meanwhile, China has strongly denied any involvement.

Some lessons learnt the hard way

Such incidents must be investigated and new security laws ought to be brought in. Companies with poor security could get prosecuted if they do not update their security system. Use of sensitive and personal information of users must be strictly avoided. Social security numbers are the most risky ones hence they ought to be avoided at all costs.

Personal info always attracts hackers and they go to any lengths to get it.

Post breach

Stock prices of the telecommunications giant SK Telecom has fallen down. Superiors fear that the recent data loss may leave a bad impression on its clients. Clients are very angry that there are personal info has been compromised.

Cyworld users are getting calls from lawyers convincing them to file class-action lawsuits. The crisis has left SK’s network vulnerable.

“It was extremely frustrating to see a message pop up while chatting with my friend that read `You’ve been hacked,’’’ said Nate user Kim Jeong-eun, who plans to sign up for the class-action lawsuit.

The worst that could happen is information-sensitive Koreans might move from SK Communications to another social media and Internet service.

Information stays secure with Alertsec

Organisations and individuals are being trained to handle their data security in a better way. Names like Sarbanes-Oxley, PCI Data Security Standard, HIPAA, and the Data protect Act are all examples of guides for different industries and sectors. Companies are expected to have an information security policy in place to safeguard the information.

With Alertsec, your data can remain safe. It uses encryption software to protect your data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags: china Cyberworld Cyworld Enter your zip code here Hackers IP address MySpace Nate SK Telecom South Korea Web search engine

“SEEN or HEARD anything?” about the Laptop

April 21st, 2010

: Image via Wikipedia

While delivering his talk in South Korea, Dr. Robert Levine would have got little idea that his laptop would be stolen. A couple of months ago, Dr. Levin, a nuerologist specializing in ears, was conducting a lecture and he later discovered that his laptop containing vital information for over 22 years was stolen from the premises.

According to the analysis done by Mass. Eye and Ear it was determined that Dr. Levine’s laptop contained critical demographic and health information of around 3,526 patients all of whom were treated by Dr. Levine at Mass. Eye and Ear during February 3, 1988 and February 16, 2010. Additionally, the laptop also included info of a small number of participants in research conducted by Dr. Levine at Mass. Eye and Ear who were not also Dr. Levine’s patients, as follows:

67 participants in somatic tinnitus modulation research
One participant in pulsatile tinnitus research.

As per the new rules defined by the legislation, the responsible authority has to inform the affected individuals. Following the regulations, Mass Eye and Ear is informing the patients and research participants about the loss of information.

What kind of information was present?

It is typically believed, that Dr. Lveine’s laptop contained the following types of information:

Name, Address, Telephone numbers, E-mail, Date of birth and age, Sex, Medical record numbers, Dates of service, Medical information, including diagnoses, symptoms, test results, and prescriptions, Name and contact information for patient pharmacies and Research participant status.

The light at the end of this news is that critical information like Social Security numbers, financial account numbers, and credit or debit card numbers were not present on the laptop. Due credit needs to be given to the hospital for taking all the necessary action from their side. Letters have been dispatched to the affected individuals and also a notice has been posted on the website to inform all the individuals whose contact data is out of date.

Individuals who fit into one of the categories above, and who do not receive a letter directly from Mass. Eye and Ear, may contact the Mass. Eye and Ear Breach Response Center at 877-313-1395 to determine if they are affected.

According to the hospital, the computer was password protected and contained a tracking device called as “LoJack.” The hospital contacted contacted LoJack and they discovered the installation of a new operating system on the computer following the theft. It was also discovered that the software through which information about the affected Mass. Eye and Ear individuals was not installed again.

On April 9 it was determined that it was unlikely that continued monitoring of the computer would lead to its retrieval, and a command was sent by LoJack to the computer permanently disabling the hard drive and rendering any information, including information about affected Mass. Eye and Ear individuals contained on the hard drive, permanently unreadable.

Although there is no risk of exposure of financial information, it is believed that the information of the patients could be used to obtain medical care or medications in their name.

John Fernandez, Mass. Eye and Ear president and CEO said, “Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause,”. “We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future.”

About Alertsec Xpress

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution.For more information visit us at www.alertsec.com