Investigators seeking info on email account behind Coupang messages to better understand hack
Published: 02 Dec. 2025, 19:34
Updated: 03 Dec. 2025, 14:09
![Coupang CEO Park Dae-jun, left, and Coupang Chief Information Security Officer Brett Matthes testify before the National Assembly's Science, ICT, Broadcasting and Communications Committee in western Seoul on Dec. 2. [LIM HYUN-DONG]](https://koreajoongangdaily.joins.com/data/photo/2025/12/03/4142c521-8a6d-4b9f-b3ac-1638d7eee9a1.jpg)
Coupang CEO Park Dae-jun, left, and Coupang Chief Information Security Officer Brett Matthes testify before the National Assembly's Science, ICT, Broadcasting and Communications Committee in western Seoul on Dec. 2. [LIM HYUN-DONG]
Police have asked the company behind an email address for account information tied to threatening messages sent to many Coupang customers and to the retailer’s customer service center, according to police and Coupang officials.
Investigators are trying to identify who leaked personal information and to determine the motive. The sender, investigators say, did not demand money from Coupang. Instead, the messages warned that the sender would inform the news media about the leak unless Coupang strengthened its security.
Police and Coupang said Tuesday that investigators were focusing on identifying a suspect, with a former Coupang employee of Chinese nationality under consideration. One key lead, police said, involves the threatening emails sent after the personal information was taken.
“We have asked the company tied to the email account to provide information,” a police official said. The official added that requesting and receiving the materials could take some time.
Investigators also said they plan to determine whether the person who sent the emails is the same individual who leaked the data. However, they are also considering the possibility that the two actions were carried out by different people.
“If this wasn’t a solo act, it’s possible the suspect collaborated with a Chinese hacking group or another third party,” said Lim Jong-in, a professor at Korea University’s Graduate School of Information Security.
The motive behind the threats remains unclear. Unlike typical extortion cases, the emails did not demand money. Instead, the sender warned that unless Coupang strengthened its security, the leak would be disclosed to the media. Police believe identifying the suspect is key to understanding their intent.
Authorities are also looking into whether the leaked data has already been sold or transferred to third parties. A digital forensics investigation is underway.
![Coupang headquarters seen in southern Seoul on Dec. 1. [NEWS1]](https://koreajoongangdaily.joins.com/data/photo/2025/12/03/21c1b1da-2dfb-4c8e-a947-218029a6358a.jpg)
Coupang headquarters seen in southern Seoul on Dec. 1. [NEWS1]
“There are reports that Coupang account information is circulating on the dark web,” said Kwon Hun-yeong, a professor at Korea University’s Graduate School of Information Security. “We need to determine as soon as possible how one person managed to exfiltrate tens of millions of records.”
Police also plan to examine Coupang’s handling of the incident. Although the breach reportedly began in late June, the company only launched an internal investigation after receiving reports from customers.
At an emergency parliamentary inquiry held by the National Assembly’s Science, ICT, Broadcasting and Communications Committee on Tuesday, Ryu Je-myung, second vice minister of the Ministry of Science and ICT, said the “unauthorized access occurred between June 24 and Nov. 8.”
Coupang CEO Park Dae-jun said at the same hearing that a former Chinese employee, who is being identified as a suspect, worked as a developer who built the company's authentication system, not as an employee who carried out authentication checks.
“We cannot yet confirm whether the breach involved one person or more,” said Park.
He declined to provide further details, citing the ongoing police investigation.
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY MOON SANG-HYEOK [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)