Passkey protection launched in Taiwan, but confidence shaken after Korea data exposure
Coupang’s sweeping data leak has laid bare what many call a double standard in its cybersecurity practices, in which the company prioritizes protections in Taiwan while leaving its core Korean market more vulnerable.
While the data of millions of users in Korea was being exposed for months, Coupang’s Taiwan unit announced on Oct. 21 that it had introduced Fast Identity Online, branded as “Coupang Passkey,” a password-free login system using biometric verification. The company said the feature is intended to protect account information and eliminate the risk of password theft.
After the breach compromised data for nearly 34 million users in Korea, Coupang said there is no indication that Taiwanese accounts were impacted.
During a parliamentary inquiry Wednesday, Rep. Lee Hun-seung accused the company of neglecting its core market, asking whether the breach would have occurred “if the latest passkey technology had been introduced in Korea.”
Coupang CEO Park Dae-jun replied, “We could have provided a much safer service. We acknowledge the gaps and will move quickly to introduce the technology in Korea.”
Although Coupang insists that only personal information such as names, addresses and phone numbers was leaked, not login credentials, industry sources report that some users have received alerts about suspicious log-in attempts from overseas or “unknown” locations.
Possible log-in breaches could have wider ripple effects, since Coupang and Coupang Pay operate under a unified account system, notwithstanding the company’s claim that its payments arm showed “no signs of hardware intrusion.”
Financial Supervisory Service Gov. Lee Chan-jin said the agency began an on-site inspection Wednesday and it will open a formal probe if any payment data leakage is found.
Since 2022, Taiwan has become a testing ground for Coupang’s Rocket Delivery playbook abroad. Coupang's founder Bom Kim told investors that the service is generating strong year-over-year and quarter-over-quarter revenue growth during the third-quarter earnings call on Nov. 5.
It yet remains a modest contributor to Coupang’s top line. In the third quarter, the company’s product commerce segment produced $8 billion in revenue, compared with $1.3 billion from the “developing offerings” segment, which includes Taiwan’s Rocket Delivery, Coupang Eats and Coupang Play.
Yet enhanced cybersecurity has not calmed fears in Taiwan, where some users question whether their payment data would be protected.
A Taiwanese customer in her 20s, surnamed Zhang, said the incident has made her “a little worried,” though she continues to rely on Coupang.
“I use Coupang often, and so do my family and friends,” she said, adding that she will likely keep shopping via the site for its fast delivery and lower prices. “But I’m unlinking my credit card, just to be safe.”
Others are more alarmed about how the company handled information that could put their financial data at risk. “I have to admit I’m concerned,” said Yang, also in her 20s. “In Facebook groups, people are already talking about removing their credit cards from their accounts.”
According to local reports on Wednesday, Taiwan’s Ministry of Digital Affairs said it has found no leaks involving Taiwanese accounts after contacting Coupang. The ministry said it is continuing to monitor the case and remain in contact with Coupang to safeguard local users’ personal data.
minmin@heraldcorp.com
