Career.go.kr is a prominent online platform managed by the South Korean government, designed to assist citizens in navigating the job market. The site offers a range of services, including job listings, career counseling, and educational resources, making it a crucial tool for South Koreans seeking employment or career development. Given its governmental ties and extensive user base, the security of this platform is of paramount importance.

Breach Details

On August 15, 2024, a well-known hacker, IntelBroker, along with another threat actor, EnergyWeaponUser, posted on BreachForums, advertising the sale of a database belonging to Career.go.kr. The database contains 1.6 million lines of data, including a wide array of sensitive personal information.

Key Information Compromised:

  • User Identification: Member numbers, user IDs, passwords (hashed using Base64(md5)), and various identification codes.
  • Personal Details: Full names, birthdates (including lunar calendar dates), job codes, and contact information (phone numbers, mobile numbers, email addresses).
  • Academic Information: Student IDs, graduation years, and detailed school-related data.
  • Employment Data: Manager positions, career information, and job-related credentials.
  • Security Data: Password answers, login counts, and last login details.
  • Miscellaneous: Various administrative and operational codes, as well as fax numbers.

The database is extremely detailed, covering virtually every aspect of a user’s interaction with the Career.go.kr platform. This breach not only exposes personal information but also potentially sensitive employment data that could be exploited by malicious actors.

Threat Actor Profile: IntelBroker

IntelBroker is a notorious figure in the cybercrime community, particularly active on platforms like BreachForums. Known for high-profile data breaches, IntelBroker often collaborates with other hackers to exploit vulnerabilities in large databases, especially those containing valuable or sensitive information.

IntelBroker's activities are closely monitored by cybersecurity experts due to the sheer scale and impact of the breaches they orchestrate. Their affiliation with EnergyWeaponUser in this case raises further concerns, as both individuals are adept at compromising large datasets.

Share this article
The link has been copied!