[Alpha Biz= Paul Lee] A serious data security flaw has been discovered in the online ordering system of Subway Korea, potentially exposing customer information without authentication, according to South Korean lawmakers.



Rep. Choi Min-hee, chair of the National Assembly's Science, ICT, Broadcasting and Communications Committee, revealed on June 30 that Subway’s website and mobile app contained a critical vulnerability. The flaw allowed anyone to access other customers’ contact and order information simply by modifying the numerical value at the end of a URL, even without logging into an account.



"This vulnerability appears to have existed for at least five months, leaving customer data exposed with no safeguards in place," said Rep. Choi.



The extent and scale of the data breach remain unclear, but the revelation adds to growing concerns over consumer data protection in South Korea. The disclosure comes in the wake of similar security lapses at other online platforms, including Papa John's Korea and luxury retail marketplace MustIt, which also suffered recent personal data leaks.



Cybersecurity experts believe the issue stems from a lack of proper security auditing during a recent website update, emphasizing the need for robust vulnerability testing and compliance with data protection standards.



South Korean authorities are expected to launch an investigation into the matter, assessing potential violations of the Personal Information Protection Act.

 

 

 

 

[ⓒ 알파경제. 무단전재-재배포 금지]