Forgot your password?
typodupeerror
China Security Crime Social Networks IT

35 Million SK Telecom Accounts Stolen By Chinese Hackers 51

Posted by timothy
from the where's-that-great-firewall-when-needed? dept.
eldavojohn writes "South Korea's SK Telecom has revealed that earlier this week hackers stole 35 million account details from two sites. A portal called Nate Portal that provided e-mail services and a social networking site called CyWorld were the two targets by hackers who, SK Telecom claims, used IP addresses originating from China. From the article, 'The stolen data included user IDs, passwords, social security numbers, names, mobile phone numbers and email addresses. Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use.'"
This discussion has been archived. No new comments can be posted.

35 Million SK Telecom Accounts Stolen By Chinese Hackers

Comments Filter:
  • "encrypted" my ass (Score:5, Informative)

    by girlintraining (1395911) on Thursday July 28, 2011 @02:46PM (#36911802)

    Nate said the social security numbers and passwords are encrypted

    And stored in a database, which for authentication purposes would need to be able to convert said "encrypted" data into plain text for any customer service representative, the billing systems, etc. The key has to be something that's widely accessible, or goes through a proxy. Either way, it's highly unlikely the "encryption" scheme is much more sophisticated than a single XOR operation. Decrypting that field for a substantial portion of the database SELECT statements would be a huge overhead.

    No, I suspect they have the SSNs, it's just a matter of time before they get them back in plain text. Besides, the 'nice' thing about SSNs is... If you know where the person was born, and what year (not hard to find), you can predict 6 out of the 10 digits with a high degree of accuracy, thus aiding substantially in the cryptanalysis. This isn't random data being encrypted... it's highly structured, and most of the plain-text is already known.

    They're screwed.

  • Title Fail (Score:4, Informative)

    by Anonymous Coward on Thursday July 28, 2011 @02:50PM (#36911868)

    IPs originating in chine does not automatically mean it was conducted by Chinese Hackers.

  • Re:proof of idiocy (Score:2, Informative)

    by Anonymous Coward on Thursday July 28, 2011 @03:22PM (#36912334)

    give S.S.# to portal to register is required by law in Korea

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow

Working...