South Korea Becoming Popular Target for Hackers

There's a saying that 50 million Frenchman can’t be wrong, but this month about 13 million Koreans can be -- and were -- wronged in one of the worst hack attacks in any company’s history.

Making matters worse, Nexon, which produces the MapleStory online game that was hacked, plans to go public on the Tokyo Stock Exchange early in 2012, with its sights set on raising $1.2 billion.

The leaked information, according to the Korea Communications Commission (KCC), included gamers’ IDs, MapleStory resident registration figures and passwords. The hackers gained entry and access to the information via a backup server.

The company is now in the process of telling its registrants to change passwords despite the fact the registration and password information was encrypted. And of course, the company is promising to strengthen its security in order to “ease your anxiety,” according to the latest reports.

However, there is a lesson to be learned here for a U.S.-based company that plans an initial public offering: Redouble or quadruple all of your security measures before you announce an IPO.

South Korea of late has been undergoing a series of hack attacks far more dangerous than the one on Nexon, most of which have been blamed on either North Korea or China. Earlier this year Nonghyup, a government-funded financial institution, was brought to a standstill by an attack, and 1.8 million clients of Hyundai had their personal information stolen from the same suspected sources.

The KCC is the watchdog organization for South Korea. Earlier this year it fined Apple and Google for “collecting location information of some users despite their withdrawal of consent.”

The location data was collected from iPhone and Android cell phone users. In sighting the wrongdoing KCC noted measures taken by both companies to protect users was insufficient, citing “storing information in the cache of the mobile device without encryption.”

KCC also noted the Android phones were storing the location data from approximately 200 Wi-Fi access points and up to 50 base stations, and that it held the information for about seven days.

Subsequently, both Google and Apple said they will encrypt location information saved on their smartphones. KCC said it could have levied large fines (the actual fines amounted to $2,500) or shut down both services, but decided promises from officials of both companies to take corrective action were good enough.

Nevertheless, one wonders where else Apple and Google are deploying -- or rather not deploying -- similar encryption technology and how long they are storing the locations of access points and base stations.