Last updated 1 month ago
Seoul's public bike hire service Ttareungyi experienced a data breach affecting 4.62 million registered users. The breach occurred in June 2024, with South Korean authorities charging two high school-aged individuals in February 2026. The incident compromised data belonging to most of the service's registered user base.
The attack involved unauthorized access to Ttareungyi's systems, resulting in the theft of user registration data. The two teenagers identified as Persons A and B executed the breach, though specific technical details about the initial access vector and exploitation techniques remain undisclosed. The compromised data includes comprehensive user registration information from the bike sharing platform.
South Korean law enforcement charged the two teenagers in February 2026 for their involvement in the June 2024 breach. The case demonstrates law enforcement's ability to identify and prosecute perpetrators of significant data breaches, even when the attackers are minors. The breach represents one of the largest transportation service data compromises in South Korea.
Two teenagers breached the public bike service system and stole user data
Two South Korean teenagers were charged this week for breaching Seoul's public bike service, representing new legal action and investigation findings not previously recorded in the database summary.
Two South Korean teenagers have been charged in connection with the cyberattack, with the Cyber Investigation Unit of the Seoul Metropolitan Police Agency confirming they carried out the attack while still in middle school and met on Telegram.
The Ttareungyi breach demonstrates critical access control failures in public transportation systems handling millions of user records. The successful breach by teenagers suggests inadequate authentication mechanisms and monitoring for unauthorized system access. Public service platforms must implement stronger access controls and real-time monitoring, particularly for systems containing sensitive user registration data at scale.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector