Home 
Date of Incident:
June 24, 2025
Overview:
The Coupang Data Breach, reported on December 1, 2025, impacting the retail sector, involved unauthorized access to Coupang’s customer database on June 24, 2025. This breach exposed personal information, including full names, phone numbers, email addresses, physical addresses, and order details of 33.7 million customers. Notably, payment information and passwords remained secure. The breach, linked to MITRE ATT&CK techniques T1078 and T1059, was likely the result of credential compromise or phishing, with SQL injection used to exploit input validation flaws. Although there is no risk of financial theft, the breach poses significant privacy concerns. Similar companies in the sector include Amazon, eBay, Walmart, Alibaba, and JD.com.
>>Outpace Attackers With AI-Based Automated Penetration Testing
Impact:
Exposure of personal information of 33.7 million customers including full names, phone numbers, email addresses, physical addresses, and order information. Payment information and passwords were not exposed.
Details:
The Coupang Data Breach involved unauthorized access to the company’s customer database exposing full names, phone numbers, email addresses, physical addresses, and order details of approximately 33.7 million customers. The attack mapped to MITRE ATT&CK techniques T1078 (Valid Accounts) and T1059 (Command and Scripting Interpreter), with initial access likely achieved through credential compromise or phishing. PoC code behavior included SQL injection payloads exploiting input validation flaws to extract data. IOCs found include suspicious IP addresses used in database queries, anomalous login timestamps, and network traffic indicating data exfiltration. Log artifacts reveal unusual database query logs, error logs showing failed login attempts, and registry changes linked with malware persistence. Payment information and passwords were not exposed, reducing the risk of financial theft but still posing privacy threats.
Remediation:
Coupang has recommended immediate password resets for impacted users and enhanced monitoring for suspicious activity. They applied patches to fix input validation vulnerabilities and strengthened access controls by implementing multi-factor authentication (MFA). Temporary mitigations included blocking suspicious IP addresses and conducting comprehensive internal audits to identify suspicious lateral movement.
Takeaway for CISO:
This breach highlights the critical importance of robust access control and input validation in retail databases that hold sensitive customer data. CISOs should prioritize proactive threat hunting and implement zero trust principles to limit lateral movement and protect customer privacy. Timely patching and user education on phishing are vital to reducing attack surfaces.
Outpace Attackers With AI-Based Automate Penetration Testing With FireCompass:
FireCompass is a single platform for AI-Powered Continuous Automated Red Teaming (CART), Pen Testing & NextGen Attack Surface Management
