13 million MapleStory players at risk after hack – casting a shadow over Nexon’s IPO

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

MapleStoryIf you’re about to float your video game company on the stock exchange, probably the last thing you want is for a hacker to break into the personal details of some 13 million of your players.

But that’s exactly what has happened to South Korean firm Nexon, which runs the massively-popular MMORPG “MapleStory”.

A statement on Nexon’s website (in Korean), “apologises sincerely” for an intrusion on its backup database on 18 November, that the firm revealed to the Korea Communications Commission (KCC) earlier today.

Apology from Nexon

The stolen data included players’ names, user ids, resident registration number (the equivalent to a social security number) and password. Fortunately, passwords and resident registration number information are said to have been encrypted – but the firm is still advising players to check that they were not using the same password on other websites.

It appears that only information about South Korean game users was exposed, but when you consider that South Korea has a total population of 49 million people, you get a feel for just how significant a haul of the details of 13 million of them could be.

A spokesman for the KCC is reported as saying that there will be a thorough investigation into whether Nexon was negligent with its customers’ private information.

The hack comes with spectacularly bad timing for Nexon, who are planning to IPO. According to VentureBeat, the company acknowledges that one of the risks it faces is one of hacking.

How very prescient of them.

Nexon, and its Maple Story game, aren’t the only online sites in South Korea to have suffered at the hands of hackers, of course. Earlier this year, hackers broke into the popular South Korean websites Nate and Cyworld, and stole information about 35 million social networking users.

Websites need to do a much better job of protecting their users’ information. If they don’t, then it may not just be the customers who are put at risk or inconvenienced – corporate coffers may also begin to feel the pain too.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.