Kakao is threatening to file lawsuits against the government’s 15.1 billion won ($11 million) fine for its leakage of private information on at least 65,000 users of the anonymous “open chat” service on the KakaoTalk instant messenger app, according to company officials, Wednesday.
The IT firm claimed that the Personal Information Protection Commission (PIPC) ignored its detailed explanation about the data leak.
A day earlier, the privacy watchdog decided to levy the largest fine ever imposed on a domestic firm for a data leak. The decision came after the commission launched an investigation in March last year, following news reports that user data from the open chat service was being illegally traded.
A pedestrian walks past a Kakao Friends gift shop in Seoul, Thursday. Yonhap
The PIPC said the vulnerability in the open chat service enabled cybercriminals to access users’ personal information by identifying their ad hoc IDs used for the anonymous chat service. The hackers are said to have sold the data via Telegram Messenger.
“It was revealed that Kakao did not take the necessary protection measure of encrypting users’ ad hoc IDs, allowing hackers to identify the serial number assigned to each user,” a PIPC official said.
Refuting the claims, Kakao said that it is impossible to identify each user with only a serial number and ad hoc ID.
“Relevant laws do not compel the encryption of serial numbers,” Kakao said in a statement.
The company emphasized that it has been using the masking technique to hide the ad hoc IDs since it launched the open chat service, regardless of the laws. It also said that it has encrypted anonymous chat rooms since August 2020.
“The information that hackers used to figure out users’ personal information was not leaked from Kakao,” the IT firm said. “Hackers collected the information illegally, so Kakao is not liable for the leak.”
Kakao added that it cooperated sincerely with the police investigation, after reporting the data leak to the Korea 안전 Internet & Security Agency and the Ministry of Science and ICT, despite the lack of its liability for the leak.
“We are considering taking various legal actions, including an administrative litigation,” Kakao said.
