The personal information exposed includes names, user IDs, passwords, and resident registration numbers, according to South Korean news agency Yonhap. The company apologized for the breach.
Graham Cluley with Sophos commented on the Epson Korea breach: “Although you may not care very much if someone can log into your account at Epson, you certainly will care if they can also use the same password to access your other online accounts. Once again, we find ourselves having to reminder users to get into the habit of using different passwords for different websites.”
“Malicious hackers could clearly use the information they have stolen in targeted attacks against Epson customers, including spammed-out malware attacks (perhaps posing as driver updates for Epson products) or phishing campaigns. The fact that the hackers have their hands on other personal information belonging to Epson's customers can make any such attack all the more believable”, he added.
The Epson Korea breach follows a breach of SK Communications, which runs the largest social networking site in South Korea. Personal information on 35 million South Koreans was exposed in that breach, which SK Communications attributed to malware traced to China.