الاثنين 06 يوليو 2026 17:33:11 GMT+02:00

Netcrook

الرئيسيةالبيان
الأخبار
Techcrook
Geocrook
WikicrookالفريقAppاتصال
ArabicEnglishItaliano

Breaches & Data Leaks

Riverside Cover-Up Backfires: How a Sunken MacBook Sank a Data Heist

Published: 30 December 2025 00:06Category: Breaches & Data LeaksGeo: AsiaAuthor: SECPULSE

A botched attempt to destroy digital evidence links a former Coupang employee to a massive data breach impacting millions.

On a quiet morning in South Korea, investigators peered into the murky waters of a city river. What they pulled out was no ordinary piece of litter-it was a waterlogged MacBook Air, the centerpiece of a failed plot to erase digital footprints and outsmart forensic sleuths. But as it turns out, not even a river can wash away the tracks of a determined cybercriminal.

The story begins with a trusted insider at Coupang, South Korea's e-commerce titan, who allegedly stole a security key during his employment. This digital skeleton key unlocked access to sensitive customer data: order histories, delivery building codes, and more. Over several months, the former employee reportedly browsed the private records of at least 3,000 individuals using his own devices-a PC and a MacBook Air.

When the breach was discovered, investigators requested all related hardware. The suspect complied-sort of. He handed over his PC, which contained incriminating attack scripts, but chose a more dramatic fate for his MacBook. Smashing it and weighing it down with bricks in a Coupang-branded bag, he tossed the device into the river, betting that water would erase his crimes.

The bet failed. Forensic experts from Mandiant, Palo Alto Networks, and Ernst & Young retrieved the sodden laptop. Despite its battered state, they were able to extract its serial number-a unique digital fingerprint. This identifier, cross-referenced against Apple’s iCloud records, tied the device directly to the accused. The river had preserved, not purged, the evidence.

Coupang’s internal review found that the employee retained customer data only on personal devices and deleted it after the breach hit headlines. Still, the company acknowledged that over 33 million customers-more than half the population of South Korea-were affected by the unauthorized access. In a massive damage control move, Coupang offered each affected user a ₩50,000 ($35) voucher, a gesture costing the company over a billion dollars.

Now, with a government inquiry looming and the public’s trust shaken, Coupang faces tough questions about its security protocols. The riverbank recovery of a single laptop has exposed weaknesses not only in the perpetrator’s plan, but in one of Asia’s largest tech companies.

This failed cover-up is a stark reminder: in the digital age, erasing evidence is harder than ever. Forensic technology and persistent investigators can turn even a sunken laptop into a smoking gun.

WIKICROOK

  • Forensic Analysis: Forensic analysis is a thorough investigation to uncover how a cyberattack happened, what systems were affected, and to gather evidence for response and prevention.
  • Serial Number: A serial number is a unique code assigned to hardware, used in cybersecurity to identify, track, and authenticate devices on a network.
  • iCloud Account: An iCloud Account is Apple’s secure cloud service for syncing, storing, and backing up personal data across all Apple devices using an Apple ID.
  • Attack Script: An attack script is automated code used by hackers to exploit vulnerabilities in systems, enabling unauthorized access or malicious actions.
  • Insider Threat: An insider threat is when someone within an organization misuses their access to systems or data, intentionally or accidentally causing harm.