Kakao Style’s ‘Zigzag’ Source Code Leaked in Hack; KISA Launches Investigation — BigGo Finance | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Authorities have launched an investigation after evidence emerged of a source code leak caused by an external attack on the fashion commerce platform ‘Zigzag,’ operated by Kakao Style. The incident was triggered by a post on a dark web hacking forum offering “KakaoTalk’s entire source code” for sale. While no personal data breach has been identified so far, the situation is reigniting anxiety among Zigzag users who experienced a personal data exposure incident in 2023.

Kakao Style issued an official statement on the 9th, saying, “We became aware of the leak of our source code due to an external attack on June 3, and completed our report to the Korea Internet & Security Agency (KISA) at 6 p.m. the following day, June 4.” The company added, “We are fully cooperating with KISA’s investigation, and no personal data breach has been confirmed from the time of initial awareness to the present. We will take necessary follow-up measures based on the investigation results.”

The incident originated from a sales post on a dark web hacking forum. The post claimed to be selling ‘KakaoTalk’s entire source code,’ along with internal network access rights and databases. While the title gave the impression that core assets of South Korea’s national messenger KakaoTalk had been leaked, analysis of the attached leaked data list revealed that it contained numerous project names related to Kakao Style, Zigzag, and ‘Posty,’ a men’s fashion platform also operated by Kakao Style. Kakao Style is a subsidiary of Kakao but operates as a separate legal entity. To date, no evidence of information leaks or hacking has been found in Kakao’s official services, including KakaoTalk.

The cybersecurity industry is taking a cautious stance regarding the authenticity of the dark web post. The forum where the post appeared is a prominent cybercrime community where databases, account credentials, malware logs, and breach data are illegally traded, but it is also a place where false or exaggerated posts frequently appear, aimed at attracting attention or financial gain. A cybersecurity industry source said, “It is difficult to determine the actual scope of the breach or the scale of the leak based solely on a dark web post. Whether the materials included in the post are genuine internal data, and whether additional data was leaked, must be assessed through the investigation results of the company and relevant agencies.”

Market concerns are expanding beyond a simple source code leak to the possibility of a personal data breach. Kakao Style has faced a series of security issues, including a phishing site impersonating Zigzag that appeared last month, causing customer damages of approximately ₩100,000 (approximately $66). Notably, in 2023, a serious error occurred in the Zigzag app where other members’ personal information was exposed upon login. That incident escalated into a large-scale personal data breach, with sensitive customer information such as names, email addresses, order histories, and shipping addresses being displayed to other users, drawing fierce criticism.

Kakao Style has repeatedly emphasized that “no personal data breach has been confirmed to date” regarding this matter, but anxiety persists among users still traumatized by the previous incident. Some observers point out that if source code is leaked, service vulnerabilities could be exposed externally, making the platform a target for secondary hacking attacks, underscoring the need for preemptive security reinforcement.

KISA is currently investigating the exact breach path and scope of impact together with Kakao Style. Under South Korea’s Act on Promotion of Information and Communications Network Utilization and Information Protection, information and communications service providers must report breach incidents to KISA without delay. Kakao Style completed the reporting process within one day of becoming aware of the incident. Depending on the investigation results, KISA will make a final determination on whether personal data was breached and may impose administrative measures, including fines, if necessary.

Kakao Style is a fashion tech startup founded in 2015, which became a Kakao affiliate after Kakao acquired a stake in the company in 2018. Zigzag is one of the largest women’s fashion platforms in South Korea, surpassing 40 million cumulative subscribers and leading the fashion commerce market. Industry attention is focused on how this source code leak incident will affect the platform’s service credibility.



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW