 |
Hong Beom-sik, CEO of LG Uplus, in Seoul. (Photo courtesy of LG Uplus) |
[Alpha Biz= Kim Jisun] SEOUL, Oct. 21 — Hong Beom-sik, CEO of LG Uplus, told the National Assembly’s Science, ICT, Broadcasting and Communications Committee on Tuesday that the company will report recent hacking allegations to the Korea Internet & Security Agency (KISA). His remarks came amid media reports that LG Uplus’s internal server management system source code, database and server metadata may have been leaked.
U.S. security outlet The Record (formerly The Hacker News / referenced as ‘프랙’ in Korean reporting) published claims that materials from LG Uplus’s account–privilege management system had been exposed. Until now, LG Uplus had maintained that it had found no signs of intrusion and no data exfiltration.
Lawmaker Lee Hae-min of the New Progressive Party sharply criticized that position, saying it was “like claiming there was no break-in even though stolen goods were found outside the house.” Lee said multiple critical vulnerabilities were identified in the account-privilege management platform (APPM) used by LG Uplus, including:
A bypassable mobile two-factor authentication using manipulated digits/memory,
A backdoor that allows access to the admin page without separate authentication, and
Plaintext passwords and encryption keys exposed in source code.
Lee warned that a single one of these flaws could enable remote privilege escalation and lateral movement into LG Uplus’s internal network. In response, CEO Hong pledged to file a formal report with KISA and cooperate with authorities’ investigations.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
