Coupang's Mismanagement Allows Former Employee to Access Systems for a Year
Coupang's data breach was largely due to mismanagement of its security systems, allowing a former employee to exploit vulnerabilities for nearly a year.
A recent investigation revealed that Coupang's mishandling of its security measures facilitated a significant data breach in which a former employee accessed the system undetected for nearly a year. The investigation highlighted flaws in Coupang's authentication system and overall information security management, demonstrating that the company failed to monitor access by a former employee who exploited a vulnerability related to the access system he had once helped develop. Despite the sophistication of the attack, investigators concluded that the issue was less about advanced hacking and more about inadequate management and oversight of security protocols.
The culprit, identified only as Mr. G, was a backend engineer who exploited his knowledge of the authentication system's weaknesses. After leaving his job, he used forged electronic access cards to bypass normal login procedures, gaining unauthorized access to user accounts and subsequently leaking a considerable amount of personal information. Throughout this breach, Mr. G utilized up to 2,313 different IP addresses to automate his data extraction efforts, illustrating the scale and premeditated nature of his actions.
Before the breach was reported, Coupang had not recognized Mr. G's actions, even when it received suspicious reports regarding potential data leaks. The investigation underscored systemic flaws in Coupang's protocols, noting that while there were attempts to fix certain weaknesses in its electronic access system, comprehensive assessments of the user authentication mechanisms had not been conducted. This incident raises crucial concerns regarding the adequacy of security management in major e-commerce platforms and highlights the need for robust and proactive security measures to prevent similar occurrences in the future.