Consumer anxiety is spreading after a massive personal information leak at Coupang. After the incident became known, text messages and phone calls impersonating Coupang increased, raising concerns that this could lead to real monetary damage. Although no secondary damage directly linked to this leak has been officially confirmed, there is talk that, especially at times like this, it is important for users to check the status of their own accounts and familiarize themselves with basic response procedures.
According to related industries on the 8th, as a government-provided tool to check for personal information leaks, there is the "Find My Leaked Info" service operated by the Korea Internet & Security Agency (KISA). What consumers most want to know is whether their personal information is actually being distributed through illegal channels. Through KISA's service, users can check whether account information such as IDs and passwords has been exposed on illegal distribution channels such as the dark web.
However, there are limits to the information this service can confirm. Whether general personal information such as name, phone number, email, and address has been leaked can only be identified based on what corporations have reported to the government. For this reason, from a consumer's perspective, a practical method is to frequently check Coupang's official notices and individual guidance, and, if more specific consultation is needed, to contact the KISA 118 Counseling Center (phone). The 118 Counseling Center not only takes reports of personal information leaks but also provides guidance on actions to take afterward.
If damage from cybercrimes such as account takeover, smishing, or impersonation has already occurred, the reporting channel changes. Damage from text or phone scams or account intrusions should be reported through the Korean National Police Agency's cybercrime reporting system. If it has led to illegal financial transactions such as account theft or loan fraud, a separate report should be filed through the Financial Supervisory Service's illegal financial transaction response center.
Recently, cases of smishing and voice phishing have been increasing, requiring extra caution. Experts note that in past large-scale personal information leaks, there were repeated instances of concentrated texts and calls exploiting specific corporations or delivery situations.
Caution is needed because requests to click links, install apps, or run remote control programs are highly likely to lead to actual damage. On smartphones, keep settings that block the installation of apps from unknown sources, and immediately block suspicious contacts or report them to the relevant authorities.
Coupang says financial information was not leaked, but to prepare for contingencies, it is also necessary to delete or change card information registered with Coupang. Canceling automatic payments is also one way to prevent secondary damage.
Hong Jun-ho, a professor in the Department of Convergence Security Engineering at Sungshin Women's University, said, "People often set similar IDs, addresses, and passwords across multiple sites, so even if financial information was not leaked this time, secondary damage can occur when combined with information from other sites," and added, "You must delete sensitive information such as payment card information and change your password."
Using security features provided by Coupang is also one of the key steps individuals can take. Through the account management menu, Coupang allows users to check login history, the list of registered devices, and whether new devices have accessed the account. This helps detect account takeover attempts early.
An industry official said, "If you find login traces during hours you were not using the service or access records from unfamiliar devices, it is recommended to change your password immediately and apply two-factor authentication," adding, "Removing access permissions for devices you no longer use is also a basic security measure."
Experts said, "Methods to confirm leaks 100% perfectly are limited," but explained, "Basic responses such as checking login history, changing passwords, and setting up two-factor authentication can significantly lower the risk." The point is to methodically use the tools available to defend your own accounts and information.