Massive SK Telecom Hack Exposes 27 Million Users

South Korea’s largest telecom provider, SK Telecom, confirmed Monday that around 27 million user records were exposed in a cyberattack that began in 2022.

Authorities believe the malware used in the breach may be linked to a Chinese hacking group known as Red Menshen, as reported by The Korea Times (KT).

The leaked data includes IMSI (International Mobile Subscriber Identity) data — unique codes used to identify mobile users — and about 290,000 IMEI (International Mobile Equipment Identity) numbers from compromised servers, according to KT. These identifiers are often called the “fingerprints” of phones and SIM cards.

“The investigators confirmed that the amount of leaked (universal subscriber identity module, or USIM) information was 9.82 (gigabytes), which equals to about 26.69 million units of the IMSI,” said Choi Woo-hyuk, director general of the Science Ministry’s Cyber Security Bureau, as reported by The Korea Herald (KH).

Officials say that 23 of SK Telecom’s Linux servers were infected with 25 different types of malware. The earliest malware was installed on June 15, 2022, but gaps in the firewall logs mean it’s unclear how much data was stolen before December 2024, as reported by KT.

Authorities are particularly concerned about BPFDoor — a stealthy backdoor malware that experts say is often used for espionage. “That is why we are conducting this investigation with the utmost intensity,” said Ryu Je-myung, deputy minister of the Office of Network Policy, as reported by KH.

Though no damages have been reported so far, the breach raises fears of cloned phones. Ryu said, “According to manufacturers, cloning or creating ‘twin phones’ is fundamentally impossible with leaked 15-digit IMEI data,” as reported by KT.

Experts urge the government to treat the case as more than a data leak. “Framing this solely as a data leak incident misses the bigger picture,” said Lim Jong-in, a cybersecurity adviser to the president, as reported by KT.