The details of 350,000 South Koreans have been breached following the hacking of the Epson Korea website.
According to the South Korean news agency Yonhap, the breached records contained names, user IDs, passwords and resident registration numbers.
Epson Korea said it is tracking the hackers but has found no trace of them.
Epson Korea apologised for the breach in a notice on its website.
This breach follows last month's news that around 35 million South Koreans were impacted by a breach of SK Communications, which runs the country's largest social networking site Cyworld and the third-most trafficked search engine.
The Korea Herald reported that officials at SK Communications blamed malware that could be traced back to China.
LogRhythm managing director for international markets Ross Brewer said Epson appeared to lacked proper controls.
“The company has come clean about being unable to find any evidence whatsoever left behind by the hackers, indicating that Epson didn't have the visibility required to effectively monitor IT systems and identify anomalous behaviour.”
Sophos senior technology consultant Graham Cluley warned of the risk of attackers testing password against other user accounts, and of phishing attacks.
“Although you may not care very much if someone can log into your account at Epson, you certainly will care if they can also use the same password to access your other online accounts.
“Malicious hackers could clearly use the information they have stolen in targeted attacks against Epson customers, including spammed-out malware attacks (perhaps posing as driver updates for Epson products) or phishing campaigns. The fact that the hackers have their hands on other personal information belonging to Epson's customers can make any such attack all the more believable.”
This article originally appeared at scmagazineuk.com
Copyright © SC Magazine, US edition
Issue: 315 | May 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.