Gmarket CEO acknowledges recent cybersecurity case, notes timing of the incident
Published: 04 Dec. 2025, 13:05
Updated: 04 Dec. 2025, 19:18
![James Chang, CEO of Gmarket, explains the company's strategy during a press conference held on Oct. 21 at Coex in southern Seoul. [YONHAP]](https://koreajoongangdaily.joins.com/data/photo/2025/12/04/1293620c-b9a0-4f25-80e1-db0f5484993c.jpg)
James Chang, CEO of Gmarket, explains the company's strategy during a press conference held on Oct. 21 at Coex in southern Seoul. [YONHAP]
Gmarket CEO James Chang acknowledged a recent incident involving the suspected unauthorized use of customer information on the e-commerce platform, saying his company proactively reported the matter to Korea's financial watchdog as it coincided with "a recent suspected hacking case at another company."
“On Saturday, we identified a case on our site involving customer harm suspected to be related to identity theft," Chang told employees in a notice on Thursday. "This incident was not caused by hacking, and an emergency internal review found no trace of external intrusion.”
The statement came after several Gmarket customers reported unauthorized purchases of mobile gift certificates through their accounts. The Financial Supervisory Service (FSS) launched an emergency on-site inspection of the company on Tuesday.
“This appears to be a case of credential stuffing, where personal information, obtained illegally from the outside, was used to log in and make purchases,” Chang said. “We believe this is a typical case of data theft that exploits the widespread use of the same credentials across multiple websites.”
Chang added that Gmarket blocked the associated IP addresses around 8 p.m. on Saturday, the day of the incident, and by 11 p.m. had implemented tighter economic security policies, preventing further damage.
“Given that this incident coincided with a recent suspected hacking case at another company, we treated it as a serious matter and proactively reported it to the FSS,” he said. The Gmarket incident occurred on the same day Coupang disclosed a leak of 33.7 million user accounts.
Gmarket has already provided ex gratia compensation to all affected customers and pledged to strengthen company-wide awareness and cybersecurity systems, according to Chang.
“We will lead the way in building a safer environment for managing personal data,” he said.
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY NOH YU-RIM [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)