Stay updated with the latest Cybersecurity News on our TecnetBlog.

Coupang Suffers Major Breach: 34 Million Users Exposed

Written by Muriel de Juan Lara | Dec 4, 2025 1:00:00 PM

Imagine that the largest e-commerce platform in your country—the “Amazon of South Korea”—discovers that nearly its entire user base has been leaking sensitive information for five months. That’s exactly what just happened to Coupang, one of Asia’s biggest e-commerce and logistics platforms, which has confirmed a security breach affecting 34 million customers.

If you manage a digital business or handle sensitive data, this case offers key lessons about late detection, prolonged exposure, and the danger of assuming your vendors are “already secured.” At TecnetOne, we often see the same pattern repeat: large companies with advanced technology but weak or flawed internal controls.

 

Five Months of Undetected Unauthorized Access

 

Coupang confirmed that the breach began on June 24, 2025, via servers located overseas. What’s most concerning is not just the scale of the attack, but the fact that it went unnoticed for over five months.

The company eventually blocked access, reinforced internal monitoring, and hired external experts to investigate—but the response came too late.

The first sign of trouble emerged on November 18, when the security team noticed suspicious activity in 4,500 accounts. Initially thought to be a minor incident, further investigation revealed the true extent: 33.7 million accounts affected in South Korea alone.

 

What Data Was Leaked?

 

The company stated that no financial data or passwords were compromised, but highly sensitive personal information was exposed—ideal for fraud, social engineering, and identity theft. Exposed data included:

 

  1. Full names

  2. Email addresses

  3. Phone numbers

  4. Shipping addresses

  5. Partial order history

 

Even without banking details, this kind of data is enough to launch more sophisticated attacks. Criminals can build complete profiles, craft personalized phishing attempts, commit refund or delivery scams, and exploit the trust between users and the platform.

At TecnetOne, we see time and again that vulnerabilities are often found in the "non-critical" data companies tend to overlook.

 

Learn more: Google Hit by Data Breach Following Salesforce Attacks

 

The Size of the Affected Giant

 

Coupang isn’t just any company. Consider these numbers:

 

  1. Known as the “Korean Amazon”

  2. $30.3 billion in revenue in 2024

  3. $9.3 billion in Q3 2025 alone

  4. 60,000–65,000 employees

  5. 24.7 million active customers

  6. Operations in South Korea, Japan, and Taiwan

 

This means more people were impacted than their active customer count suggests—due to old accounts, inactive profiles, or occasional buyers. Massive breaches like this don’t just affect current users, but also those who left their data on the platform years ago.

 

The Suspect: A Former Insider with Privileged Access

 

While the investigation is ongoing, Korean authorities have identified a suspect:

 

  1. A former Chinese employee of Coupang

  2. No longer residing in South Korea

  3. Officially reported on November 18

 

Although not yet confirmed, all signs point to an insider threat—a common and dangerous attack vector. At TecnetOne, we stress this constantly when discussing access governance and Zero Trust: when someone who knows the infrastructure and its weak points decides to exploit that knowledge, the damage is deeper and harder to detect.

 

South Korean Government on High Alert

 

The breach prompted immediate action from the South Korean government. ICT Minister Bae Kyung-hoon called an emergency meeting and announced increased vigilance over the next three months to prevent secondary damage.

This includes:

 

  1. Monitoring for fraud attempts

  2. Tracking black market database activity

  3. Watching for targeted attacks on affected customers

  4. Coordination between cybersecurity agencies and law enforcement

 

South Korea is among the most digitally connected countries in the world, so incidents like this can have significant social impact.

 

A Chain of Incidents Worrying Regulators

 

This is not Coupang’s first breach:

 

  1. 2020–2021: Customer and delivery driver data leaks

  2. December 2023: Data exposure of 22,000+ users

  3. 2025: Massive leak affecting 34 million users

 

This pattern suggests deeper issues in their security architecture, internal processes, and access reviews. When breaches repeat, it often indicates:

 

  1. Insufficient audits

  2. Uncontrolled attack surface

  3. No real Zero Trust strategy

  4. Excessive internal privileges

  5. Lack of behavioral monitoring

  6. Late patching and reviews

 

For any company managing large datasets, this is a clear warning: security isn’t a one-time project. It’s a disciplined, continuous process.

 

Similar titles: The Hidden Cost of Supply Chain Breaches (And How to Stop It)

 

What It Means for Users: What Could Happen Now?

 

This incident proves you don’t need to lose your password to become a victim. With the leaked data, criminals can:

 

  1. Launch hyper-personalized phishing

  2. Fake deliveries, returns, or shipping issues

  3. Impersonate Coupang via calls, SMS, or emails

  4. Create fake profiles using your data

  5. Launch social engineering attacks on other platforms

  6. Sell your info on underground forums

 

Many criminals wait weeks or even months before using leaked data—precisely to strike when vigilance fades.

 

What Businesses Can Learn from This

 

At TecnetOne, we see the same cycle too often: businesses digitize everything—except their security.

Key lessons from Coupang’s breach:

 

  1. Delayed detection multiplies the damage
    Five months is an eternity. Proper monitoring could’ve caught this in hours.

  2. Insiders are the most dangerous threat
    One employee with access at the wrong time can bring down an entire org.

  3. “Non-sensitive” data is still valuable
    Addresses, emails, and phone numbers fuel 90% of modern attacks.

  4. Vendor security is your security
    One failure exposes all clients.

  5. Incident response must be proactive
    Reacting only after a confirmed leak is already too late.

 

Conclusion

 

The Coupang breach shows what happens when a tech giant leaves a door open for months: millions exposed, attackers enriched, and risks that multiply even after the breach is contained.

Security today is not a luxury—it’s a continuous responsibility.

And if a company as big as Coupang can fall like this, any business—including yours—should rethink its defense strategy before the same happens.

 
View full post