[Alpha Biz= Kim Jisun] SEOUL, South Korea — KT Alpha, a subsidiary of telecom giant KT, announced on the 25th that a "credential stuffing" attack led to an unauthorized login incident, resulting in the leak of personal information for some users. This follows a separate security incident involving illegal femtocells at its parent company, KT, last September.
According to KT Alpha, the breach occurred between December 12 and 14. The attackers utilized a "credential stuffing" technique, in which hackers attempt to gain access to accounts by randomly inputting IDs and passwords previously leaked from other external sources.
The compromised data includes the names and mobile phone numbers of senders found within the mobile gift certificate reception history of the affected accounts. The company confirmed that information regarding third parties, whose details were included in the past reception history of those accounts, was also exposed during the process.
"This was not a direct leak from our database through system hacking," KT Alpha clarified. "The exposure was limited to information viewable within the specific accounts that were compromised via stolen credentials."
KT Alpha emphasized that immediate emergency measures were taken upon discovering the incident. To protect user accounts, the company blocked logins for suspected compromised accounts and reset their passwords. Furthermore, the company strengthened its Fraud Detection System (FDS) and immediately blocked the IP addresses from which the attacks originated.
The company has reported the incident to the Korea Internet & Security Agency (KISA) and the Cyber Bureau of the National Police Agency, and an investigation is currently underway.
While no cases of secondary damage have been confirmed to date, KT Alpha urged users to remain vigilant against potential spam messages or voice phishing from unknown numbers. To prevent further damage, the company "strongly recommends that users change their passwords to unique ones not used on other websites."
KT Alpha has begun individual notifications via SMS to those affected. Users who did not receive an individual notice due to missing contact information can find detailed information through the notice section on the KT Alpha website.
For inquiries or reports of suspected damage related to this incident, customers can contact the KT Alpha Customer Center at 1588-6474 (Operating hours: Weekdays, 09:00 to 18:00).
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
