π°π· South Korea's largest e-commerce retailer Coupang's data breach investigation reveals critical authentication failures
-
South Korea's largest e-commerce retailer Coupang's data breach investigation reveals critical authentication failuresKey findings:
Signing keys were not rotated after the malicious engineer's departure, allowing continued access The gateway server lacked proper verification mechanisms despite being designed to restrict access The engineer used stolen keys to forge credentials, conducted preliminary tests, and then launched full-scale data extraction
-
South Korea's largest e-commerce retailer Coupang's data breach investigation reveals critical authentication failures
Key findings:
Signing keys were not rotated after the malicious engineer's departure, allowing continued access The gateway server lacked proper verification mechanisms despite being designed to restrict access The engineer used stolen keys to forge credentials, conducted preliminary tests, and then launched full-scale data extraction 2,313 IP addresses were used in automated crawling operations starting in November 2024 Attack scripts found on seized devices were capable of exfiltrating data to overseas cloud servers No logs remain to confirm whether data was actually transferredInvestigators also found that Coupang had not segregated dev and production environments and that a current developer was storing a signing key on a laptop, violating the company's own internal policies.
-
R relay@relay.infosec.exchange shared this topic
