Widespread Hacking in South Korea

It was recently reported that nearly every member (approximately 35 million people) of a South Korean social networking site had their personal data exposed as the result of a hack on Cyworld’s systems.

From the Register:

Names, phone numbers, email addresses, and other details may have been exposed through the Cyworld hack, which follows previous attacks against South Korean government sites and financial service firms.

At the moment it is not clear how significant the impact of this is. However, previous data releases have made it apparent that a significant percentage of users have the same password on their social networking pages as they do with other resources, and most people who are heavily involved with social networking provide a significant amount of the ancillary data frequently used to verify identity.

Basically a service this size is a hacker / identity thief’s paradise.

While there is little you can do to make sure any social networking sites you use protect your data properly, you can take steps to minimise the risk you face. You should always encourage people to do the following when it comes to engaging with social networking services:

  • Never, ever, use the same password for social networking sites and any other “important” service – banking, email, or business networks.
  • Try to minimise the personal details you provide – think twice before using your real date of birth and never give away information that matches your alternate identity verification elsewhere (typically mother’s maiden name, school, favourite place, first pet, etc.).
  • Be very careful about who you trust on social networking sites. If you get a link from a friend, make sure it is legitimate before you follow it.

While security is never going to be perfect, following some simple rules can minimise your risk exposure and the chances that you will fall foul of an attacker yourself.

Social networking can be great for both personal and business activities so rather than avoid it, embrace it with care and caution.

Taz Wake - Halkyn Security

Certified Information Systems Security Professional with over 19 years’ experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in-depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.