Korean Teens Charged with Bike Hire Breach that Exposed Data on 4.62M Riders

In a shocking case of cybersecurity vulnerability, two South Korean teenagers have been charged with breaching Seoul's public bike service, Ttareungyi, which exposed data on over 4.6 million registered users.

According to the Seoul Metropolitan Police Agency, the pair, identified as Persons A and B, carried out the attack in June 2024, gaining access to a vast trove of sensitive information including user IDs, phone numbers, home addresses, email addresses, dates of birth, genders, and weights. The breach affected approximately 90% of Ttareungyi's registered users, leaving millions of people vulnerable to identity theft and other forms of cybercrime.

Police claim that Person A carried out the initial attack, while Person B was the one who suggested downloading the stolen data. The two teens allegedly bonded over their shared interest in information security on Telegram before carrying out the hack.

The Cyber Investigation Unit confirmed the charges against the pair, saying they were suspected of violating the Information and Communications Network Act. Despite being arrested on suspicion of the crime, Person A was denied detention due to their age, while Person B's request for pre-trial detention was also refused.

Interestingly, investigators discovered that the involvement of the two teens in the Ttareungyi hack was linked to a separate investigation into a DDoS attack on a private mobility rental company in April 2024. The Chosun news outlet reported that police seized the minor's devices and found evidence linking them to the Ttareungyi strike.

The case has sparked concerns about the vulnerability of public bike services to cyberattacks, highlighting the need for robust cybersecurity measures to protect sensitive user data. As the number of IoT devices continues to grow, it is essential for organizations to prioritize information security and implement adequate safeguards against potential breaches like this one.

The incident also raises questions about the motivations behind such attacks. According to police, there is no evidence that the compromised data has been leaked or sold, but investigators believe that the pair's intention was to profit from the theft. This highlights the importance of understanding the motivations behind cyberattacks and taking proactive measures to prevent similar incidents in the future.

In conclusion, this case serves as a stark reminder of the importance of cybersecurity awareness and the need for organizations to prioritize information security measures. As the threat landscape continues to evolve, it is crucial for individuals and organizations to stay vigilant and take proactive steps to protect themselves against potential cyber threats.

HACKER_BLOG

KOREAN COPS CHARGE TEENS OVER BIKE HIRE BREACH THAT EXPOSED DATA ON 4.62M RIDERS

Korean Teens Charged with Bike Hire Breach that Exposed Data on 4.62M Riders

HACKER_BLOG

KOREAN COPS CHARGE TEENS OVER BIKE HIRE BREACH THAT EXPOSED DATA ON 4.62M RIDERS

Korean Teens Charged with Bike Hire Breach that Exposed Data on 4.62M Riders

RELATED POSTS

AI-powered campaign compromises 600 FortiGate systems worldwide

CISA: Recently patched RoundCube flaws now exploited in attacks

User accidentally gains control of over 6,700 robot vacuums while tinkering with their own device to enable control with a PlayStation controller — security flaw reveals floor plans and live video feeds