Police tracking two email accounts potentially linked to leak of 33.7 million Coupang customer records
Published: 01 Dec. 2025, 19:41
A Coupang user changes their password on Dec. 1, after reports surfaced that customer information for over 33 million accounts had been leaked from the company. [NEWS1]
Police are tracking two separate email accounts used to send threats to Coupang, possibly in relation to the leak of the company's 33.7 million customer records. The messages, which implied that data had been leaked, were sent to both the Coupang customer service center and individual customers. Investigators have reportedly obtained the IP addresses linked to the messages and launched an investigation.
According to the Seoul Metropolitan Police Agency’s cybercrime unit on Monday, Coupang’s customer center received a threatening email on Nov. 25 stating, “I have your users’ personal information. If you don’t strengthen your security, I’ll report the breach to the media.” The sender did not demand money.
Before that, on Nov. 16, multiple Coupang users received similar emails. Some customers filed complaints with Coupang, saying the messages contained personal details, including their names and addresses. Coupang launched an internal probe and on Nov. 18 acknowledged that data from 4,500 user accounts had been exposed.
Police said the emails sent to Coupang and those sent to customers originated from two different accounts. Investigators are now trying to determine whether the emails came from the same person and whether that person is also responsible for the data leak.
“We’ve received Coupang’s log records and are analyzing them,” said a police official. “We’ve identified the IP addresses used in the attacks and are pursuing an international investigation to track the perpetrator.”
Regarding speculation that the data breach was carried out by a former Coupang employee with Chinese nationality who has since left Korea, police said, “That has not been confirmed through our investigation.” They added, “We are still in the process of identifying the suspect, including their nationality. If the individual named in media reports is confirmed to be involved and international cooperation becomes necessary, we will proceed accordingly.”
Police began a preliminary investigation on Nov. 18 after receiving a report from Coupang that customer data had been leaked. On Nov. 25, Coupang filed a formal complaint requesting an investigation into an “unidentified person” for violating the Act on Promotion of Information and Communications Network Utilization and Information Protection. Coupang was questioned on Nov. 28. Police say they plan to expand the investigation to include a review of the company's internal security vulnerabilities.
A Coupang delivery parcel is seen with the Coupang headquarters logo in the background, in Songpa District, southern Seoul, on Dec. 1. [YONHAP]
As of Monday, no phishing or smishing scams had been reported in connection with the leaked data. The National Office of Investigation said it is working to prevent follow-up crimes.
"We will monitor the dark web for any signs that the stolen data is being traded or sold and track the spread of misinformation and fake news related to the incident," said an investigation office official.
Allegations emerged that the leak was enabled by outdated security credentials within Coupang’s internal systems. Rep. Choi Min-hee of the National Assembly’s Science, ICT, Broadcasting and Communications Committee claimed Monday that the breach may have involved a developer responsible for Coupang’s authentication system who continued accessing internal servers for about five months after leaving the company.
Coupang submitted documents to Choi’s office stating that “it is common to set authentication key validity periods at five to 10 years.” These keys act as stamps for generating access tokens. Even if a token is deactivated after an employee’s departure, a still-valid authentication key could be used to create a new one.
"Coupang has failed to revoke or update the key upon the developer’s resignation," said an official from Rep. Choi's office. Coupang has declined to comment on the validity period of the key allegedly used in the breach, citing the ongoing police investigation.
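The gap described above, where deactivating a token does nothing while the key that signs tokens stays trusted, can be shown in a short Python sketch. It is an added illustration, not code from Coupang or from the documents cited in this article. It assumes a simple HMAC-signed token format, and the key IDs `k-2020` and `k-2025`, the `dev-account` subject and all function and class names are constructed for the example.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(key, body):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def mint(key, kid, subject, ttl=900):
    """Issue a short-lived token signed with the long-lived key named by kid."""
    claims = {"sub": subject, "kid": kid, "jti": secrets.token_hex(8),
              "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    return body + "." + _sign(key, body)

class Verifier:
    def __init__(self):
        self.keys = {}             # kid -> signing keys currently trusted
        self.revoked_jti = set()   # individually deactivated tokens

    def check(self, token):
        try:
            body, sig = token.split(".")
            claims = json.loads(_unb64(body))
            key = self.keys.get(claims["kid"])
        except (ValueError, KeyError, TypeError):
            return "malformed"
        if key is None:
            return "key-retired"   # rotation invalidates everything it signed
        if not hmac.compare_digest(_sign(key, body), sig):
            return "bad-signature"
        if claims.get("jti") in self.revoked_jti:
            return "token-revoked"
        return "ok" if claims.get("exp", 0) > time.time() else "expired"

def demo():
    v, old_key = Verifier(), secrets.token_bytes(32)
    v.keys["k-2020"] = old_key                      # constructed key ID
    issued = mint(old_key, "k-2020", "dev-account")
    out = {"issued": v.check(issued)}
    # Offboarding that only deactivates the token the person held:
    v.revoked_jti.add(json.loads(_unb64(issued.split(".")[0]))["jti"])
    out["issued_after_revoke"] = v.check(issued)
    # A retained copy of the key still yields a token the verifier accepts:
    out["fresh_same_key"] = v.check(mint(old_key, "k-2020", "dev-account"))
    # Rotating the key (retire the old kid, trust a new one) closes the gap:
    v.keys = {"k-2025": secrets.token_bytes(32)}
    out["fresh_after_rotation"] = v.check(mint(old_key, "k-2020", "dev-account"))
    return out
```

In this sketch the token lifetime is 15 minutes, yet access persists for as long as the signing key stays in the verifier's trusted set, which is why key rotation belongs in the offboarding checklist alongside token and account deactivation.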
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY MOON SANG-HYEOK