"We Will Fully Cooperate with the Government Investigation"

An incident involving the leakage of members’ personal information has occurred at the online video service (OTT) TVING, with concerns rising over secondary damages as encrypted values such as the Connection Information (CI) and Duplicate Subscription Verification Information (DI) were also compromised.


TVING logo. Provided by TVING

TVING logo. Provided by TVING

View original image


According to the government and TVING on June 4, the Ministry of Science and ICT has formed a joint public-private investigation team to determine the cause of the TVING data breach and assess the extent of the damage. It is reported that the original data is currently being reviewed.


Previously, in a notice issued in the early hours of the previous day, TVING announced that user IDs, names, dates of birth, gender, CI, DI, mobile phone numbers (with the last four digits encrypted), and email addresses (with the ID part, excluding the domain, encrypted) had been leaked. The cyberattack occurred on June 1, and TVING detected the personal information breach the following day, subsequently blocking the attacker’s IP address.


However, with the leakage of CI and DI, hackers could now combine this data with information leaked from other websites or financial platforms, making it possible to identify individuals. The encrypted values are generated based on resident registration numbers and can be exploited for identity theft or targeted smishing attacks. In such cases, it is possible to piece together not only a person’s online and offline activities but also their consumption patterns. This is why the government deemed the incident a major breach and organized an investigation team.


In particular, back in December last year, there was a detection of "credential stuffing" attempts at TVING—where accounts leaked from other sites were used in brute-force login attacks—raising the possibility that security vulnerabilities may have been exposed. While TVING was in a defensive position at that time, in this incident, there is a risk of secondary damage affecting other services linked to TVING accounts, such as Naver Plus Membership or telecom partnership services.

Concerns Over Secondary Damages After TVING CI and DI Leak... "Compensation Measures Under Review" View original image

TVING has not disclosed the scale of the leak, but the current number of paid subscribers is estimated at around 5 million, with the monthly active user (MAU) count estimated between 7.7 million and 8 million. A TVING representative stated, “We are investigating the exact scale by confirming the range of customers affected by this breach,” adding, “We will prepare compensation measures to the extent possible.”


Hot Picks Today

Foreign Investors Lament Huge Losses in an Instant as Oh Sehoon Overtakes Jeong Wonoh in Seoul Mayoral Election Bets Foreign Investors Lament Huge Losses in an Instant as Oh Sehoon Overtakes Jeong Wonoh in Seoul Mayoral Election Bets

Meanwhile, separate from the joint public-private investigation, the Personal Information Protection Commission is also examining the facts to determine whether any laws were violated. The Commission stated, “A report was received early yesterday morning, and we are following the necessary procedures.” If TVING is found to have been negligent, it could face a fine of up to 3% of its total sales. Last year, TVING recorded sales of 405.9 billion won. The amended Personal Information Protection Act, which allows for fines of up to 10% of total sales, will only take effect starting this September and therefore does not apply to this case.


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing