Last month's devastating hack against a popular South Korean social networking site that compromised the personal information of 35 million people is now being linked to a software company that unknowingly pushed out infected software updates.
South Korea's National Police Agency has pinned the massive July data breach on attackers who compromised servers belonging to software maker ESTsoft. The police claim that hackers uploaded a Trojan virus to an ESTsoft server used to send out updates of its Alzip anti-virus software to the company's subscribers, The Register reported.
The malware was uploaded to websites on 62 computers owned by SK Telecommunications, including Cyworld, a popular social networking site. The July compromise exposed phone numbers, email addresses, names, birthdays, home addresses and encrypted information from the site's millions of users, an attack that affected about 70 percent of South Korea's population of about 49 million.
Also affected in the July breach was the NATE Web portal, which provides access to Web services such as email.
The Korea Joongang Daily reported that the hack has been traced back to IP Addresses in China: "Given the sophistication and scale of the hacking, police said it appeared the culprit was the most intelligent hacker the country has ever seen."