South Korean authorities have disclosed specifics around a substantial data breach that affects 27 million people aged 15-65. The impacted information originates from website registrations for a number of games and online gambling promotions, ringtone storefronts, and movie ticketing.
It’s currently being reported by local media that 16 people associated with the campaign have been detained, and that the full scope of the event has victimized 70 percent of the population, whose personal information is now at the disposal of criminals.
On Thursday, South Jeolla Provincial Police Agency said that a 24-year-old man(identified only by the surname of Kim) was arrested together with 15 others, for supposedly distributing 220 million records with PII.
The data included names, account names and passwords, and resident registration numbers. According to law enforcement, Kim acquired access to the compromised information from a Chinese hacker he found within an online game in 2011.
The data was utilized to obtain in-game currency along with other game-related items which could be sold offline for profit. Along with targeting the games, Kim is also speculated to have sold the private details to other people, including scammers operating a mortgage fraud ring. This resulted in other crimes that lead to the loss of 2 billion Won (1,971,500 USD).
After selling off everything, Kim is thought to have earned $390,919 USD. The price per record item varied from a minimum of $0.001 to a maximum of $20.
The investigation has not been concluded, authorities continue to look for how the compromised records are being distributed. Furthermore, they’re looking for seven other individuals associated with the scheme, including the Chinese hacker alleged to have initially provided the data to Kim.