The lifestyle services platform "Soomgo" reported to authorities that it had received extortion demanding money along with a claim by a hacker of stealing personal information. The company said that, so far, there are no signs confirming an actual data leak and that it is investigating the facts with an external security firm.
According to the industry on the 11th, Soomgo operator Brave Mobile received a message on the 27th of last month from a hacker claiming "we leaked customers' personal information," along with a demand for payment. The company then reported the matter to security authorities and began an internal investigation and security review.
Information that could potentially have been exposed includes some lesson instructors' (masters) member activity names (nicknames), internal identification numbers, and "Soomgo Cash" top-up records. It is also is under investigation whether some customers' "Soomgo Pay" payment information was leaked. The top-up and payment information included the card issuer name and portions of the card number with masking applied.
Soomgo said in a notice on its website that "although it has not been clearly confirmed whether a personal information leak occurred, please strengthen security to prevent any potential damage." The company asked members to be cautious about clicking L.I.N.C in emails or text messages from unknown sources and to change their account passwords.
Brave Mobile said it provided individual guidance to users whose information may have been exposed and conducted security vulnerability checks and remediation. It also said it strengthened monitoring for unusual logins and launched an investigation in coordination with an external security firm.
The company said that the first-round inspection found no objective indications confirming an actual personal information leak. However, it said it is continuing to verify the facts related to the hacker's claims and is also awaiting the results of the authorities' investigation.
Soomgo, short for "hidden master," is a lifestyle services brokerage platform that connects users with professionals, from moving, cleaning, and appliance installation to private lessons. Users enter their region, budget, and service type and send a request form, and professionals who meet the criteria propose quotes and profiles. According to the company, as of last year the cumulative number of sign-ups was 14 million, and monthly visitors were about 5 million.
A Brave Mobile official said, "So far we have not found specific evidence to support hacking or data leakage," adding, "Since the incident, we have been conducting cyber crisis response drills, security system monitoring, and internal employee training to strengthen security." The official added, "An investigation by the relevant agency is scheduled," and "for now, it is difficult to specify when (the confirmation of whether personal information was leaked, etc.) will be possible."