Probe finds KT website hacked 12 million times

The Ministry of Science, ICT and Future Planning said yesterday it confirmed that hackers accessed KT’s website more than 12 million times over the past three months.

The ministry announced the results of a public-private task force investigation into KT’s massive personal information leak.

The investigation found similar vulnerabilities at nine other KT websites, in addition to the main site, and discovered KT had not detected that hackers were accessing the site as many as 341,000 times a day.

Hackers collected personal information by adjusting customer account numbers using an ID and password from the Paros hacking program.

In order to gather as much personal information as quickly as possible, hackers were found to have created an automated program, which uses random numbers to search for customer service contract numbers.

Hackers took advantage of the vulnerability of KT’s website, which does not ask for contract numbers even if a customer attempts to look up the personal information of other subscribers.

According to the security equipment access record, a specific IP address accessed the primary KT website daily.

The public-private task force asked police, prosecutors and the Korea Communications Commission (KCC) for security measures on the other nine vulnerable websites of KT where hackers have been detected accessing 85,999 records.

“To prevent similar and further damage, we called for carriers, portal sites, Internet shopping malls and online data storage companies to check vulnerabilities and take appropriate measures,” said a spokesman for the Science Ministry.

“We plan to work closely with the KCC, financial authorities, police and prosecutors to quickly respond to cyberattacks in the future.”

BY kim jung-yoon [kjy@joongang.co.kr]