Internet security loopholes

As many as six major personal profile leaks have occurred this year, ranging from an accident at Hyundai Capital in April to that at the online game software Nexon in November. Given the series of leaks, Web users have loosened their recognition of the importance of Internet security. Immediately after a hacking attack on Nate.com, in which the personal data of 35 million people were hacked, many Web users posted comments like "I feel angry," and "All data had already been robbed," displaying a sense of despair. This situation is a dramatic change from two to three years ago, when people grew highly anxious over leaks of personal information. Does this mean people have grown negligent and indifferent to breaches in online security?

If someone knows that his or her information is being traded without consent, he or she would feel anxious and bad. People who possessed personal data on 1.9 million people were caught by police in June. They purchased the information for a combined 1 million won (870 U.S. dollars) from a Chinese hacker, and then resold the data for 10 to dozens of won per entry to make money. Since the data included financial account numbers and passwords, such data could have been illegally traded or used in crimes. Such information was handed over to voice phishing con artists, online gambling sites, proxy driver agencies and loan sharks. If one receives an excessive number of spam mail or text messages unexpectedly, a leak of personal data should be suspected.

When Korean social security numbers are found posted on foreign websites, one cannot help feeling outraged and angry. By typing in a Korean social security number on Google, blogs are found that guide how to illegally use such numbers. If one types in a real-name ID card number in Chinese in Baidu, the largest portal site in China, ID numbers and names will be retrieved en masse. Certain sites openly have data on sale. Certain people in Korea have urged the government to reissue national ID numbers anew, but the Public Administration and Security Ministry said, "It is impossible to change ID numbers due to the potential for social confusion, and instead the government requires the use of temporarily issued numbers for national ID numbers."

To reinforce personal data security, service providers and their members should make concerted efforts. To prepare for leaks of personal data, Internet service providers should only gather individual identity numbers instead of national ID numbers when signing up members. All national ID numbers kept by the providers should also be discarded or codified in phases. NHN, Korea`s top portal, has secured and is directly operating 110 security professionals, the largest in Korea in number. For their part, users should not give up in thinking that their ID numbers have been leaked. They should instead thoroughly protect and manage their personal passwords. People can prevent major damage if they simply follow the recommendation to change their passwords every three months.

Editorial Writer Hong Kwon-hee (konihong@donga.com)