National employment platform exposed 230,000 users’ personal data

By Kuksung Nam, The Readable
Jul. 7, 2023 9:03PM GMT+9 Updated Jul. 14, 2023 8:10PM GMT+9

The South Korean government announced on Thursday that its state-operated employment platform was hit by a cyberattack, exposing 230,000 users’ private data.

In a press release, the Korea Employment Information Service (KEIS) stated that they discovered 236,572 cases of unauthorized access in the national employment platform, Work-Net. The break in was conducted by 28 different foreign IP addresses.

KEIS assumed that the hackers used credential stuffing, a method where criminals try to gain access to an account by applying information that has already been breached. The agency explained to The Readable that they came to the assumption, as its security team did not detect any abnormal intrusions in the company’s network.

The South Korean government is sending notifications to users who allegedly had their information exposed from the data breach, requesting that they change their passwords. The disclosed data included names, genders, dates of births, addresses, phone numbers, work experiences, and identification pictures. KEIS is also planning to strengthen its security procedures, such as adopting two factor authentication, requesting that users enter an auto-generated code to sign in to add a second layer of protection.

“The hackers tried to gain access to Worknet 5 million times. They have successfully signed in to 380,000 accounts,” said an official of KEIS to The Readable. “After excluding repeated accesses, we discovered that 230,000 accounts were impacted by the attackers.”

nam@thereadable.co

The cover image of this article was designed by Areum Hwang.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.

[Weekend Briefing] Data breach exposed test scores of 270,000 high school students

By Kuksung Nam and Dain Oh, The Readable Feb. 24, 2023 8:18PM GMT+9 Updated Feb. 27, 2023 4:55PM GMT+9 “Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from

[Weekend Briefing] Balance between data protection and information sharing

By Kuksung Nam and Dain Oh, The Readable Dec. 23, 2022 6:42PM KST “Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact

A story from Europe: The ultimate complexity of balancing between protecting and sharing information

By Kuksung Nam, The Readable Dec. 22, 2022 9:45PM KST Balance is not the first word that comes into one’s mind when thinking about cybersecurity. To most of us, we tend to focus on threat actors such as state-sponsored hackers and advanced persistent threat groups or the types

National employment platform exposed 230,000 users’ personal data

Read next