How to Respond to a Coupang Hack Essential Steps to Prevent a Data Breach

coupang hack update

coupang was recently hacked, compromising the personal information of approximately 33.7 million accounts. the stolen information included names, emails, phone numbers, shipping address books, and some order information. fortunately, no login or payment information was included, but the stolen information is enough to enable sophisticated smishing attacks.

in particular, this breach isn't just about exposing information, as fraudsters could send phishing texts with real order information and shipping addresses that look authentic, which is why it's important to take action now.

here's what you need to do right now

check your login history

the first thing you should do is check your login history on the Coupang app or website. If you find that you've logged in from a location or device that you don't recognize, it's likely that your account has already been compromised. In this case, you should immediately log out of the device and change your password.

how to change your password

experts advise that you should always change your Coupang password. it's important to note that you shouldn't just change your password for Coupang, but also for any other sites that use the same or similar password. Many people use the same password on multiple sites, and a single breach can lead to a chain of hacks.

a good rule of thumb is to make your new password at least 12 characters long, with a combination of upper and lower case letters, numbers, and special characters. avoid combinations that can be easily guessed, such as your date of birth or phone number.

set up two-factor authentication

changing your password alone isn't enough to ensure complete security. you can add an extra layer of security by setting up two-factor authentication. by enabling additional authentication via an authenticator app or text message, even if your password is compromised, you'll be much safer because you won't be able to log in without secondary verification.

how to prevent smishing and what types of texts to watch out for

the biggest thing to watch out for in the wake of the Coupang hack is smishing. smishing is a criminal tactic that uses text messages to trick users into installing malicious apps.

kISA, the Korea Internet and Security Agency, warns that fraudsters are likely to use keywords such as damage compensation, damage inquiries, and refunds. In fact, you may receive the following smishing alert texts

dear member, the delivery of the item you purchased from Coupang is delayed. please follow the link to check the status of your shipment.

the reason these texts feel so real is because your actual order information has been compromised. If you see the name of the product you actually purchased in the text, you may be tempted to click the link without question.

how to avoid being a victim of smishing

the key to avoiding a data breach is to never click on links in suspicious texts. Be suspicious of texts with an unclear sender or that ask you to click on a link out of the blue. Don't respond to requests for personal or financial information for any reason.

if you need to check if a text is a scam, you can check for smishing in the KakaoTalk channel ProtectNara. you can also get advice from the Korea Internet & Security Agency's 118 call center, so be sure to check it out if you're at all suspicious.

take additional security measures to prevent identity theft

block micropayments on your phone

it's a good idea to block micropayments on your phone in case of hacking. It's easy to do through your carrier's app or customer support, and you can temporarily turn it off when you need to.

block international card payments

it's also a good idea to block card cross-border payments. this prevents your compromised information from being misused overseas. most credit card companies offer international chargebacks in their apps.

utilize credit alerts

with Toss's credit alerts, you can get instant notifications when someone opens a credit inquiry in your name. it's a great way to prevent identity theft and can stop someone from taking out a loan or card without your knowledge.

change your personal customs number

if you're using direct deposit overseas, you may want to consider getting a new Personalized Customs Identification Number. the Personal Customs Identification Number is a type of customs identification number used when shopping overseas, and many people get it reissued because if it is stolen, it can be used to import contraband. you can apply for one on the Korea Customs Service Unipass site.

frequently asked questions

was my payment information compromised in the Coupang hack?

no. The Coupang breach did not include login and payment information. However, you should be aware that your name, email, phone number, shipping address, and some order information may have been compromised and used in smishing attacks.

how do I check for a data breach?

check your login history on the Coupang app or website. if you see logins from devices or locations you don't recognize, your account may have been compromised. additionally, look out for emails or notifications from Coupang about the breach.

what should I do if I receive a smishing text?

never click on the link. delete the text, and if you suspect smishing, report it to KakaoTalk's ProtectNara channel or the Korea Internet & Security Agency's 118 call center. If you have already clicked on the link, you should immediately check for malicious apps and wipe your phone if necessary.

how often should I change my password?

under normal circumstances, we recommend changing it every three to six months. however, in the case of a major hack like this one, you should change it immediately. If you use the same password on multiple sites, change them all to different ones.

where do I report suspected identity theft?

you can report it to the Financial Supervisory Service 1332 or the National Police Agency Cyber Investigation Bureau 182. if you've noticed an anomaly through your credit alert service, contact your financial institution immediately as well.

wrapping up

changing your passwords quickly, enabling two-factor authentication, and being vigilant about smishing texts are the keys to dealing with the Coupang hack. check in and take action today.

if you found this article helpful, let us know what you think in the comments. and don't forget to subscribe to our blog for the latest security information and life hacks.