Complaints Flood Daum Over Major E-mail Leakage

The massive data leakage at Hanmail, the e-mail service of the country’s second-biggest Web portal Daum, is found to have been caused by lax management of the e-mail system.

Daum is also under fire for its belated response that critics say snowballed losses. The portal shut down its e-mail server 50 minutes after the problem occurred.

○ Slack management caused personal data leakage

Daum said yesterday, “We believe the problem occurred in the process of upgrading Hanmail functions to allow e-mail users to see their last logon data.”

This sort of system upgrade is normally carried out at dawn when user traffic is low, but a series of sample tests produced no problem and the company continued to work on the upgrade during the day, Daum staff said.

Experts say, however, that such lax management resulted in the massive exposure of personal e-mail data.

After the problem occurred, Daum failed to suspend its e-mail service and let the problem continue for 50 minutes. Above all, it did not identify the exact cause and the extent of damage until midnight.

All of this has led to complaints over Daum’s slow response, with an estimated 550,000 Hanmail users suffering leakage of their e-mail data.

This is not the first such incident for Daum. Controversy erupted last year after the Web portal was discovered to have hidden a hacker attack on its client counseling system.

On this, an information technology expert said, “The main cause of the incident seems to be an interaction error between the e-mail server and user database.”

“Daum asked for trouble by conducting an upgrade susceptible to error. The possibility of an accident caused by a hacker cannot be ruled out.”

○ Damage more serious than announced

With more users complaining about losses, the damage is apparently worse than Daum has described.

Contrary to the Web portal’s explanation that only the titles of e-mail were exposed, certain netizens complained that their unread e-mail was accessed by others.

One user said he had to delete one of his e-mail messages because someone’s credit card statement was attached to it. Another said e-mail she had yet to read was opened and important documents were gone.

Seeing e-mail titles contain places of business and contact points, some complained that their personal data was leaked through indirect routes.

An Internet user said in a post on a Daum discussion forum, “My e-mail messages contained personal documents such as credit card bills. Since the incident, I’ve received unsolicited calls.”

“It seems someone accessed my personal data and stole my cell phone number and address.”

This suggests Hanmail users are likely to suffer secondary damage stemming from the leakage.

One member of a Naver café for victims of identity theft said, “(Since the leak) I received hundreds of spam e-mail. I reported this to cyber police and changed my password.”

Whether Daum is liable for damages is unclear since its user contract specifies that its responsibility only extends to “damage caused by intentional or grave errors.”

Daum said, “The decision to compensate losses will be made after identifying the extent of damage and the cause of the problem.”