Teenagers Charged Over Public Bike Service Data Breach Exposing 4.62 Million Records

Post Views: 14

Two South Korean Minors Charged in Connection with Ttareungyi Data Breach

Two South Korean minors have been charged in connection with a data breach that exposed the personal information of 4.62 million users of Seoul’s public bike-sharing system, Ttareungyi.

Incident Details

The compromised data included user IDs, mobile phone numbers, addresses, dates of birth, gender, and weight.

According to the Seoul Metropolitan Police Agency’s Cyber Investigation Unit, the two suspects, who met on the Telegram messaging platform, carried out the attack in June 2024 while still in middle school.

The pair’s shared interest in information security led them to collaborate on the breach.

Attack Timeline

The attack on Ttareungyi’s server, operated by the Seoul Facilities Corporation, occurred between June 28 and 29, 2024.

The suspects extracted the user database, which contained sensitive information.

This breach followed an earlier incident in April 2024, when one of the suspects launched a distributed denial-of-service (DDoS) attack against a private mobility rental company, sending approximately 470,000 signals to overwhelm the servers.

Investigation and Aftermath

During the April incident, the suspect identified security vulnerabilities in the Ttareungyi system and shared the information with the second suspect.

The pair then agreed to collaborate on the subsequent breach.

The investigation began after the mobility company filed a complaint with the authorities.

A forensic analysis of seized devices revealed files containing Ttareungyi user information, leading to the identification and arrest of both suspects.

Notably, police sought arrest warrants for the minors on two separate occasions, but prosecutors rejected both requests due to the suspects’ status as juvenile offenders.

The investigation found no evidence that the stolen data was shared with third parties.

Conclusion

The breach highlights the importance of robust security measures to protect sensitive user information, particularly in the context of public services.

The Seoul Metropolitan Police Agency’s Cyber Investigation Unit has emphasized the need for increased vigilance in preventing and responding to cyberattacks, particularly those involving minors.

The agency’s efforts to investigate and prosecute cybercrime cases, such as this breach, demonstrate the importance of law enforcement collaboration in protecting sensitive information and holding perpetrators accountable.