Nexon Korea Corporation Data Breach (2011)

The police are investigating the hacking of 13.2 million users of Nexons massively multiplayer online role-playing game Maple Story. On Thursday, Nexon found that Maple Storys backup server had been hacked, and personal information of 13.2 million of the 18 million registered users stolen. The company reported the incident to the Korea Communications Commission at about 5 p.m. on Friday and requested the police to investigate the incident. According to Nexon, the hacker gained access to names, game IDs, resident registration numbers and passwords of the 13.2 million users. The resident registration numbers and passwords were stored in codified form, the company said. The investigations are ongoing and police are leaving open the possibility that an insider was behind the hacking or that those responsible had inside help. Authorities will also determine if the server has been affected by malware, and track the route the malware was implanted in the server if any such programs are found. The investigations are ongoing, so we cant disclose details about the situation, a Nexon official said. He added that the number of minors affected by the hacking cannot be disclosed and that the number of those who registered to the service using i-Pin codes instead of resident registration numbers is unknown. A Nexon official is seen at the companys office on in Seoul on Sunday, two days after the company and the Korea Communications Commission announced that a hacking incident occurred on Thursday. (Yonhap News) I-Pin codes allow users to register to websites without inputting resident registration numbers. The information concerning legal guardians of users who are under 14 years of age is not involved in the hacking as it is stored in a different server. Users younger than 14 are required to obtain consent from legal guardians, who are to fill in information to prove their relation with user. The KCC said that while it is unlikely that codified information could immediately be misused, details will not be known before the system analysis is complete. Information regarding monetary transactions including credit card and account numbers were not breached in the incident. With 13.2 million users information having been stolen, this is the third-largest case of its kind.