Packages stacked for delivery inside a Coupang vehicle in Seoul. (Yonhap)
SEOUL, Dec. 2 (Korea Bizwire) — South Korea is bracing for a wave of phone scams and phishing attempts after the recent massive data breach at Coupang exposed names, addresses, phone numbers and portions of purchase histories belonging to nearly all of the e-commerce giant’s customers.
Security specialists warn that although the leaked information does not include passwords or financial data, the combination of personal details and recent order records provides what one expert described as “a nearly complete toolkit” for fraudsters.
With precise knowledge of what customers bought and when, criminals can convincingly impersonate delivery agents, customer-service representatives or even family members.
Officials say the risk is high enough that the government rushed to issue alerts for smishing and voice-phishing and initiated a three-month intensified monitoring of the dark web. “Secondary damage may occur,” the government cautioned, urging consumers to be vigilant.
The most troubling detail, analysts say, is the exposure of shipping addresses, phone numbers and specific items recently ordered — information that enables scammers to craft targeted messages such as “Your recent order has been delayed.”
Similar scams surged overseas after Amazon account data leaks in the United States and Europe, where fake delivery-error texts proliferated.
Fears of Fraud Surge After Coupang’s Massive Data Breach (Image courtesy of Yonhap)
Security firms say the breached data could fuel a wide array of fraud schemes, from KakaoTalk impersonation scams to fake refund claims and postal-service phishing.
While there is no confirmed evidence yet of the stolen data being misused, both police and cybersecurity experts say exploitation is “highly likely,” noting that criminal rings have reused leaked personal data for years in past cases.
Authorities have begun a joint investigation involving the Ministry of Science and ICT, the Personal Information Protection Commission, the National Intelligence Service and the police.
Regulators said they have identified a vulnerability in Coupang’s authentication system that allowed unauthorized access without login credentials — raising additional concerns after the company initially underestimated the scale of the breach, reporting only a few thousand affected accounts before revising the figure to more than 33 million.
Coupang’s data breach undetected for five months, triggering customer alarm (Yonhap)
Investigators are also examining the possibility of insider involvement.
Experts warn that the leak may enable AI-enhanced fraud, with stolen data feeding large language models capable of generating highly personalized scam scripts or even deepfake voices mimicking relatives or call-center staff.
They advise consumers to treat any unexpected refund or delivery-error messages with suspicion, avoid clicking links or installing apps, and verify requests from family members directly by phone.
“Given that purchase information is now out there, the success rate of impersonation calls will rise sharply,” one cybersecurity analyst said. “Even if the caller mentions the exact product you ordered, you should never assume they are legitimate.”
Ashley Song (ashley@koreabizwire.com)
