Coupang Data Breach: 33.7 Million Customer Accounts Exposed in Major Insider Attack

Coupang — often described as the "Amazon of South Korea" — has confirmed a massive data breach affecting approximately 33.7 million customer accounts, marking one of the largest privacy incidents in the nation's history.
According to Reuters and TechCrunch, the breach was initially underestimated, but a deeper internal investigation revealed that nearly every active Coupang user may have had personal information accessed.
What Happened
Initial suspicious access was detected on November 18, but Coupang originally believed only a few thousand accounts were affected. After reviewing system logs, token access, and authentication activity, the company concluded that attackers began unauthorized access as early as June 24, 2025.
Investigators now believe the incident stemmed from insider misuse:
- A former employee, reportedly a Chinese national, allegedly kept cryptographic authentication keys after leaving the company.
- These keys were used to generate forged authentication tokens.
- Access was routed through overseas IP infrastructure, helping it evade detection.
What Data Was Exposed
Coupang confirmed that attackers accessed non-financial but highly personal data, including:
- Names
- Email addresses
- Phone numbers
- Shipping and residential addresses
- Portions of order history
Payment card numbers, login passwords, and financial details were not compromised according to the company.
However, cybersecurity experts warn that this type of personal data is valuable for phishing, impersonation, targeted scams, and social engineering attacks.
Why Investigators Suspect an Insider Attack
South Korean authorities — including the National Police Agency — are now treating the breach as a likely insider-enabled incident.
Key findings driving this assumption:
- The former staff member's authentication keys were not properly revoked.
- The access pattern mimicked legitimate system authentication.
- The attacker used overseas relay servers to mask activity.
- No external vulnerability exploitation was identified.
This raises major concerns about access control, key management, and internal security governance.
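The revocation gap described above, as an added example (not Coupang's code or token format, which the reporting does not describe): a token signed with a retained key passes a signature-only check, while a verifier that also consults a key registry rejects it. The HMAC token layout, key ids, secrets and timestamps are all constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed registry: key id -> secret and revocation time (epoch seconds).
KEYS = {
    "k-old": {"secret": b"constructed-old-secret", "revoked_at": 1_700_000_000},
    "k-new": {"secret": b"constructed-new-secret", "revoked_at": None},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(kid: str, claims: dict) -> str:
    """Issue a token: base64(JSON claims) + "." + base64(HMAC-SHA256)."""
    body = _b64(json.dumps({"kid": kid, **claims}, sort_keys=True).encode())
    mac = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"

def verify(token: str, now: int, check_revocation: bool = True):
    """Return (accepted, reason) for a token at time `now`."""
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        key = KEYS[claims["kid"]]
        given = _unb64(sig)
    except (ValueError, KeyError, TypeError):
        return False, "malformed token or unknown key id"
    expected = hmac.new(key["secret"], body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return False, "bad signature"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    # Decide on the verifier's clock and registry only: whoever holds the key
    # also controls claims such as "iat", so a backdated token must still fail.
    if check_revocation and key["revoked_at"] is not None and now >= key["revoked_at"]:
        return False, "key revoked"
    return True, "ok"

if __name__ == "__main__":
    now = 1_750_000_000  # constructed "current" time, after k-old was revoked
    forged = sign("k-old", {"sub": "acct-1", "iat": 1_600_000_000, "exp": now + 600})
    print(verify(forged, now, check_revocation=False))  # signature alone passes
    print(verify(forged, now))                          # registry check rejects
```

Logging every rejection with the reason "key revoked" also gives monitoring a direct signal that a retired key is still in use.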
Government Response and Public Reaction
The breach has triggered intense public and political scrutiny:
- Coupang's CEO issued a formal apology on December 1.
- South Korea's President Lee Jae Myung called for tougher penalties for companies that mishandle personal data.
- Regulators are examining whether Coupang violated national privacy laws.
- Potential fines could reach up to 3% of annual revenue, exceeding 1 trillion won (~$680 million).
- Customer advocacy groups are preparing large-scale class action lawsuits.
Impact on Coupang and Its Customers
For Customers
Those impacted face increased risks of:
- Phishing attacks
- Delivery-related scams
- Fraudulent login attempts
- Identity-based targeting
Users are advised to be cautious of any messages claiming to be from Coupang requesting verification or additional information.
For Coupang
Market reaction has been swift:
- The company's U.S.-listed shares slid following disclosure.
- Trust in Coupang's security practices has been shaken.
- The incident has sparked debate about national data-security standards.
What Comes Next
Authorities are:
- Analysing IP traces and authentication logs
- Auditing Coupang's internal access-control protocols
- Investigating potential negligence in revoking employee credentials
- Reviewing compliance with South Korean data-protection law
Coupang states that it has now closed the unauthorized access route, tightened internal monitoring, and hired an external cybersecurity firm to support the investigation.
Why This Breach Matters Globally
The Coupang breach highlights a critical security reality:
Insiders — not external hackers — often pose the greatest threat.
Had external scanning or continuous access-monitoring controls been in place, abnormal authentication activity or unexpected token generation might have been detected sooner.
This incident reinforces the need for:
- Strong access governance
- Continuous monitoring of external exposure
- Rapid detection and incident-response workflows
- Automated expiration and revocation of credentials
Final Thoughts
The Coupang breach is more than a corporate failure — it reflects the growing complexity of securing large digital ecosystems in an era where internal misuse, credential leakage, and authentication gaps can compromise millions.
As investigations continue, regulators and businesses worldwide will be watching closely.
