Welcome to Korea!

Coupang Data Breach 2025: What Foreign Residents in Korea Should Do Now

Close-up of someone holding a smartphone indoors, typing with both hands in a softly lit room.

Personal information belonging to 33.7 million Coupang users has been exposed through unauthorized access.
On November 29th, 2025, Coupang officially confirmed that customer account data had been compromised in a large-scale data breach.

The company first detected unusual access on November 18th, 2025, when it discovered that around 4,500 accounts had been accessed without permission and reported the issue to authorities. Further investigation later revealed that the attacker had been accessing Coupang’s servers and viewing customer information as early as June 24th, 2025.

If you live in Korea, you’ve probably heard of — or already used — Coupang.
Simply put, Coupang is often called “the Amazon of Korea.”
It dominates the Korean e-commerce market with overnight and same-day delivery services. Many residents in Korea, including foreigners, subscribe to Coupang’s paid membership for free shipping and free returns.

Now, let’s take a closer look at what was leaked, how the investigation is unfolding, and what you should do right now to protect yourself.

What Information Was Leaked, and How Did it Happen?

According to Coupang, the leaked information includes users’ full names, email addresses, phone numbers, delivery addresses, and some order history data

Coupang stated that credit card information used for simple payments was not exposed, and that users do not need to immediately reset passwords or reissue cards.
(That said… there are still reasons to be cautious. I’ll explain why below.)

Authorities are currently investigating the possibility that someone who previously had internal system access may have been involved. A developer who worked on Coupang’s authentication systems is reportedly among those being looked into. He was a full-time employee until December 2024 and has since left Korea.
Some security experts believe that server access credentials may have been copied before his departure, potentially allowing continued access even after he left the company.

Media reports also suggest that Coupang became aware of the breach after receiving an email threatening to expose the incident on November 18th, 2025, unless security was improved. No financial demands were reportedly made.

As of now, the police investigation is still ongoing, and no suspect or single-person responsibility has been officially confirmed.

Security experts point out that the core issue appears to be weak internal access control and poor privilege management, rather than a single technical mistake.

Government Response & Investigation Status

On November 30th, 2025, the Korean government held an emergency security meeting led by the Ministry of Science and ICT and launched a joint public-private investigation task force.

The investigation is focused on whether Coupang properly fulfilled its legal obligations regarding access control, user permission management, and data encryption and protection standards.

To prevent secondary damage such as phishing and scam fraud, the government also announced that it would intensify dark-web and online monitoring for the next three months.Police have commenced a criminal investigation and Coupang has officially filed charges against the suspected former employee. However, since the suspect is believed to be overseas, the investigation may face limitations.

Where Did the Leaked Information Go?

Adding to public concern, Korean media reported on December 3rd, 2025 that Korean Coupang accounts were being sold on major Chinese online platforms.
The platforms mentioned include Taobao and Xianyu.

Accounts were reportedly being sold at different price ranges depending on usage status. However, there is no official confirmation that these accounts are directly connected to the Coupang breach. The connection is suspected but not yet proven.

What Should We Do Now as Affected Users?

I’m also a Coupang member, and my personal information may be part of this breach as well. Unfortunately, once data is leaked overseas, it can’t simply be erased. However, what we can do is reduce the risk of secondary damage.

Even though Coupang insists that payment card data and passwords were not exposed, the fact that account-level information was accessed means we should not let our guard down.

What You Should Do Right Now

1. Check Your Address & Contact Information
Make sure no delivery address or phone number has been changed without your knowledge.

2. Change Your Coupang Password

Coupang app home screen showing the user profile page with the settings icon highlighted in the top right corner.

3. Review Your Login History

Three-step collage showing how to check device logins in the Coupang app. Left: the Coupang home screen with the settings icon highlighted. Middle: the Account Settings page with ‘Security and Sign-in’ selected. Right: the Security and Sign-in page showing a listed ‘Strange device’ with a Sign Out button highlighted.

4. Update Your Payment Security Settings

If you use simple payments, change your PIN.
Also, turn off “one-touch payment”, which allows automatic payment without entering a password. This prevents unauthorized purchases if someone gains access to your account.

Three-panel collage showing how to change Coupang payment security settings. Left: home screen with Menu icon highlighted. Middle: Menu → Payment Methods section with ‘Payment PIN · Security Settings’ selected. Right: the Payment PIN/security settings page with the ‘Use one-touch payment’ toggle highlighted.

5. Consider Changing Your Registered Cards

If possible, remove your stored bank account or cards and re-register a new one.
(If switching cards is difficult, steps 1-4 alone still offer strong protection.)

Three-panel collage showing how to manage Coupang payment methods. Left: home screen with Menu icon highlighted. Middle: Coupay payment page with the Accounts and Cards section selected. Right: the Manage payment method page showing registered cards with Delete buttons and an option to Add payment method.

What You Should Be Extra Cautious About

Leaked personal data is commonly used for voice phishing, smishing (SMS scams), and impersonation fraud.

Never click links or respond to messages claiming things like:

Also be alert to calls pretending to come from Coupang, banks, the police, or government offices. These scams often target foreigners using fear and urgency.

🗒️ A Final Note for Foreign Residents in Korea

Life in Korea is fast and incredibly convenient. But when incidents like this happen, the anxiety can feel overwhelming. If you’re a foreign resident who isn’t fully comfortable with Korean yet, these situations can feel even more stressful and confusing.

Spending just 10 minutes today to update your password and payment settings can greatly reduce the risk of secondary damage.

And I’ll continue to share important safety updates like this to help make your life in Korea a little safer and easier.