Why it matters. A breach at a five-million-subscriber platform is a reminder that reused passwords expose people far beyond a single service, including international users of Korean streaming apps.
Background. TVING is a CJ ENM-backed streaming service often called a domestic competitor to Netflix in South Korea. Korean accounts often rely on identity-linked codes called CI and DI rather than exposing the national resident registration number directly, which is why the company stressed that the national ID itself was not leaked. Breaches involving Korean firms are typically referred to the Ministry of Science and ICT and KISA, the national internet security agency.
What to watch next. Watch for the joint investigation's findings and TVING's promised disclosure of how many accounts were actually affected.
TVING, one of South Korea’s largest homegrown video-streaming services, said hackers broke into a database holding subscriber information and copied personal data out of the company’s systems, prompting the country’s technology ministry to launch a formal investigation on June 3. The company has urged users to change their passwords on any other service where they reuse the same login.
TVING — frequently described as a domestic rival to Netflix and backed by CJ ENM, one of Korea’s biggest entertainment conglomerates — disclosed the breach in a notice posted to its website and app. The Kyunghyang Shinmun reports the platform has at least five million paid subscribers, making it one of the most widely used streaming services in the country.
What happened and what data was exposed
According to TVING’s own statement, the company detected unauthorized access on June 2 to a database storing user information. It said an unidentified hacker connected to the database and transmitted personal data files to an external location. TVING said it immediately blocked the attacker’s IP address, changed its cloud access-control policies, cut off the intrusion and stepped up security monitoring.
The exposed information includes user IDs, names, dates of birth, gender, phone numbers (with the last four digits encrypted), email addresses (with the ID portion encrypted, excluding the domain), refund bank account numbers (encrypted) and passwords (stored as one-way hashes). Also affected were two Korea-specific identifiers, CI (Connecting Information) and DI (Duplication Information) — encrypted codes derived from a citizen’s national ID that let services verify and link accounts without handling the raw ID number.
Crucially, TVING said that resident registration numbers — Korea’s highly sensitive national identity numbers — and valid payment details were not stored in the affected database and therefore were not leaked. The company has not yet said how many members were affected, stating it will confirm the figure only after its internal review is complete.
Government opens a joint investigation
The Ministry of Science and ICT (MSIT), South Korea’s technology regulator, said on June 3 that it had assembled a joint public-private investigation team to determine the cause of the breach and the scale of the damage. The team includes MSIT officials, the Korea Internet & Security Agency (KISA), and outside experts in digital forensics and cloud security. A review committee classified the incident as a “serious breach,” citing the possibility of large-scale data exposure and further harm. Investigators said they ordered TVING to preserve evidence and pledged to release their findings transparently.
Coverage diverged slightly in emphasis. The Hankyoreh foregrounded the regulator’s response and the urgent advice to change reused passwords, while the Kyunghyang Shinmun stressed the platform’s scale and the reassurance that national ID numbers and payment data were spared, alongside the company’s public apology.
What TVING is telling users
TVING apologized for the security incident and said it is cooperating fully with the authorities’ investigation. The company is running a dedicated customer support center to handle inquiries and damage claims, and says it will tighten access controls and overhaul its security systems to prevent a recurrence.
Its central piece of advice to users: because passwords were among the exposed fields, anyone who uses their TVING password on other websites or apps should change those passwords immediately to guard against credential-reuse attacks. TVING said it will issue a further notice with the confirmed number of affected accounts once its internal investigation concludes.
