'Modu's Startup' Hacker Identified as Business Support Firm; Stolen Data Used for Promotion

A data breach affecting the South Korean government's 'Modu's Startup' program has been attributed not to an external hacker, but to a business support company that was providing AI solutions to participants. The incident resulted in the leak of personal information, including emails, ideas, and evaluation comments, belonging to 5,000 individuals.

According to a report submitted by the Korea Institute of Startup & Entrepreneurship Development (KISED) to lawmaker Kang Seung-kyu, the AI solutions company obtained the private email addresses of participants through "abnormal application programming interface (API) calls." While these email addresses were not publicly displayed on the website, they were accessible through automated collection methods like AI-based crawling.

“

The AI solutions company obtained the private email addresses of participants through 'abnormal application programming interface (API) calls.'

The company then exploited the stolen information to send promotional emails to the participants. KISED confirmed that the company "sent promotional emails (for its own company)" using the emails acquired through the hack. This confirmation came after some participants reported receiving unsolicited promotional emails from a specific AI solution provider to their private email addresses.

In response to the breach, a Ministry of SMEs and Startups official stated that the company involved has been removed from the support program's vendor list, as per regulations prohibiting direct promotion to program participants. KISED has announced plans to establish a procedure for victims to verify the data leak and set up a dedicated channel to minimize further damage.

“

The company sent promotional emails (for its own company) using the emails acquired through the hack.