13 million MapleStory players at risk after hack – casting a shadow over Nexon’s IPO

Graham Cluley
Graham Cluley
@[email protected]

MapleStoryIf you’re about to float your video game company on the stock exchange, probably the last thing you want is for a hacker to break into the personal details of some 13 million of your players.

But that’s exactly what has happened to South Korean firm Nexon, which runs the massively-popular MMORPG “MapleStory”.

A statement on Nexon’s website (in Korean), “apologises sincerely” for an intrusion on its backup database on 18 November, that the firm revealed to the Korea Communications Commission (KCC) earlier today.

Apology from Nexon

Sign up to our free newsletter.
Security news, advice, and tips.

The stolen data included players’ names, user ids, resident registration number (the equivalent to a social security number) and password. Fortunately, passwords and resident registration number information are said to have been encrypted – but the firm is still advising players to check that they were not using the same password on other websites.

It appears that only information about South Korean game users was exposed, but when you consider that South Korea has a total population of 49 million people, you get a feel for just how significant a haul of the details of 13 million of them could be.

A spokesman for the KCC is reported as saying that there will be a thorough investigation into whether Nexon was negligent with its customers’ private information.

The hack comes with spectacularly bad timing for Nexon, who are planning to IPO. According to VentureBeat, the company acknowledges that one of the risks it faces is one of hacking.

How very prescient of them.

Nexon, and its Maple Story game, aren’t the only online sites in South Korea to have suffered at the hands of hackers, of course. Earlier this year, hackers broke into the popular South Korean websites Nate and Cyworld, and stole information about 35 million social networking users.

Websites need to do a much better job of protecting their users’ information. If they don’t, then it may not just be the customers who are put at risk or inconvenienced – corporate coffers may also begin to feel the pain too.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.