Up to 13 million gamers could be put at risk after Nexon confirmed that names, usernames, encrypted resident registration numbers and passwords had been hacked.
A statement (translated from Korean to English) said that the incident occurred on 24 November and it had informed law enforcement agencies to investigate immediately. The data loss only affected players of the online role-playing game Maple Story; owner Nexon said Maple Story is "completely independent of the service".
A Nexon official told Reuters that the leaked data did not include information on financial transactions or bank account numbers and did not affect overseas subscribers of the online game.
The company has asked game subscribers to change passwords to prevent additional damage, although the leaked resident registration numbers and passwords were encrypted. It confirmed that the entire subscription membership of Maple Story is about 18 million.
It said: “Unlawful invasion of privacy in an accident Maple Story Customer's personal information was stolen and detrimental to the point to worry, we apologise sincerely.”
Paul Ducklin, head of technology for Asia Pacific at Sophos, said: “It appears that only information about South Korean game users was exposed, but when you consider that South Korea has a total population of 49 million people, you get a feel for just how significant a haul of the details of 13 million of them could be.
“A spokesman for the KCC is reported in the Korea Times as saying that there will be a thorough investigation into whether Nexon was negligent with its customers' private information.
“The hack comes with spectacularly bad timing for Nexon, which is planning an IPO. According to VentureBeat, the company acknowledges that one of the risks it faces is one of hacking. How very prescient of them.”