S. Korean Freshman Busts into 280,000 E-commerce and Government Accounts
Data dump; Network intrusion; Stolen credentials; Unauthorized use of system administrator privileges; User accounts compromised; Software vulnerability
A 20-year-old student allegedly hacked websites across 24 countries, after watching YouTube videos on how to take advantage of software glitches.
He leaked more than 10,000 passwords on his blog and online hacking forums, allegedly using some of the credentials to snoop into emails and fraudulently charge purchases. He also is accused of accessing the site of a South Korean state institution by using the stolen credentials of a civil servant.
The college freshman, in total, collected information from about 280,000 accounts.
“His main targets were low-security websites such as independently run shopping websites,” Yonhap reports. His tactics included “SQL injection,” a technique in which malicious code is injected into databases, and cross-site scripting, or inserting commands into websites.
The student, who learned how to hack from online videos and websites, wanted to "be recognized by other hackers," police said.
Government (Foreign); Retailer
November 6, 2014
Yonhap News Agency
Link to report
location of breach
location of perpetrators
Seoul, South Korea
date breach occurred
between November 2013 and August 2014
date breach detected