Gmarket Under Investigation After Unauthorized Payments Affect 60 Users; FSS Probes E-commerce Security & Coupang Breach

Gmarket Under Scrutiny Following Unauthorized Payment Incident

South Korean financial authorities have initiated an urgent on-site inspection of Gmarket, a prominent e-commerce platform, following a wave of reports concerning unauthorized mobile payments. This move by the Financial Supervisory Service (FSS) comes as heightened concerns over user data security plague the online retail sector, particularly in the wake of a significant data leak recently reported by competitor Coupang.

FSS Launches Immediate Investigation

The FSS commenced its inspection on Tuesday after more than 60 Gmarket users reported fraudulent activity on their accounts last week. These users discovered unauthorized purchases, primarily of mobile gift certificates, made using credit card details linked to Gmarket's integrated simple payment service, SmilePay. The individual losses incurred by these users varied, ranging from approximately 30,000 won (about $20.44 USD) to 200,000 won.

Gmarket has maintained that the incident was not a direct result of a hacking attack on its systems. Instead, the company suggests that the unauthorized transactions stemmed from the use of account information stolen externally, which was then fraudulently applied to their platform. Authorities are currently working to corroborate Gmarket's explanation as part of their ongoing investigation.

Broader Data Security Concerns: The Coupang Connection

Adding to the industry's woes, the FSS has also launched a separate on-site inspection into Coupang Pay, the fintech subsidiary of e-commerce giant Coupang. This parallel investigation aims to determine if any payment-related information was compromised during Coupang's recent, massive data breach and to assess the company's overall information management protocols.

Coupang recently disclosed that the personal information of nearly 34 million customers, including sensitive details like names, addresses, and phone numbers, had been stolen. The breach is believed to have occurred between June and November of last year, although the company only became aware of the extent of the leak last month. This series of incidents underscores a critical need for robust cybersecurity measures and transparent accountability within South Korea's rapidly expanding e-commerce landscape.