It is shown that personal information belonging to more than 3 million South Koreans has been leaked on the dark web. It is shown that there is personal information leaked from single company as well as information belonging to local government groups and crime victims support centers. Distribution of personal information is rampant through the dark web and this can cause secondary damages such as credential stuffing and voice phishing. Credential stuffing indicates a type of an attack that uses an automation tool to attempt to log into websites and shopping malls with personal information obtained from the dark web and extorts one’s account.
S2W LAB, which analyses information that can be dangerous, had recently analyzed 40 million pages from the dark web for the past year and it confirmed that personal information belonging to more than 3 million South Koreans has been leaked. Personal information of 845,000 members from education groups that help people with finding jobs and 368,000 people’s e-mail accounts and passwords from websites related to credential testing are all exposed on the dark web.
Personal information that is exposed on the dark web is from many different areas such as an automotive co-op (713), a nursing association (29,692), a crime victims support center (837), a health and welfare center (1,652), a counseling institute (2,692), and a seniors welfare center (46,136). “Although we have found personal information from more than 3 million South Koreans on the dark web, we estimate that the number is much higher.” said CEO Seo Sang-deok of S2W LAB. “Education-related service providers, associations, and organizations were main targets.”

Photo Image
<Example of a page on the dark web>

The dark web can be assessed through specific web browsers such as Tor. Because it guarantees anonymity and is impossible to trace an IP address, many illegal information such as personal information obtained through hacking, contracts, and trade secrets are dealt within the dark web. In case of an incident where personal information is leaked especially, the dark web sometimes predicts the corresponding incident before it is known to the public through online.
Personal information that is distributed within the dark web has a different form from that of personal information found through normal search engines such as Google and Naver. Personal information is either dealt from specific marketplaces or spread by hackers within the dark web and it is arranged in excel, text, and image files. Personal information that is distributed can bring secondary damages on companies as well as individuals. Actual incident that happened in South Korea involving personal points from Homeplus is found to be a credential stuffing attack. It is heard that a person or people involved had collected personal information from the dark web.
Voice-phishing attacks are similar as they are based on personal information that is distributed within the dark web. Recent attacks now involve personal data in order to deceive a person more elaborately. Voice-phishing attacks involving kidnapping use such method.
“Although we cannot delete information from the dark web, we can minimize the amount of damage and set up a countermeasure when we are able to quickly find out that personal information has been leaked.” said Professor Shin Seung-won of KAIST. “Just like how some foreign countries are implementing their measures, we also need to tighten up our monitoring system towards the dark web.”
Staff Reporter Jung, Youngil | jung01@etnews.com