SEOUL, August 3 (Korea Bizwire) – A police investigation has discovered that the unauthorized usage of Homeplus mobile gift cards was the result of malicious action on the part of Chinese hackers, and not duplication issues caused by computing errors.
The cybercrime investigation department of the Seoul Metropolitan Police Agency revealed that they have placed three Chinese hackers, including a 26-year-old known as Cho, on the wanted list for breaking into the system of the agency that issued mobile gift cards for Homeplus.
In addition, police arrested three others including an individual known as Jang, who withdrew money earned from selling mobile gift cards issued using the hacked information.
The three hackers, including Cho, broke into the server of company ‘A’ that issued mobile gift cards for Homeplus, in late December 2014 to early January 2015, and took 890,000 PIN numbers. They sold them, or exchanged them into paper gift certificates and distributed them.
The value of the hacked gift cards was 59 billion won. Even if some of them were already used, their profits reached 1.1 billion won. Among the unused gift cards, they sold 950 (worth about 110 million won) to domestic gift card traders at a 20 to 25 percent discounted price, or gave them to the withdrawers as bonuses.
When hacking the main server of company ‘A’, the hackers discovered that the Homeplus server lacked proper security, and selected it as their target.
According to the police, the server’s security system didn’t have its own firewall, and the database of mobile gift cards was not encoded, so the PIN numbers were easily exposed. They added that Homeplus was in such a hurry to set up a server for their new gift card business, they overlooked proper security measures.
As a result of this case, mobile gift cards were proven to be exposed to damage when information is leaked, even though they are very convenient to use.
If you know the card number and PIN of a mobile gift card, it can be used or transferred to others. However, when information is leaked, it is hard to know whether damage occurred before consumers actually check the remaining balance. This gives hackers plenty of time to distribute the gift cards.
Law enforcement officials say that there have to be new measures to strengthen security. “For instance, some sort of certificate like a barcode should be presented when using a gift card, and once it is used, consumers should be informed via text messages.”
By Lina Jang (linajang@koreabizwire.com)