Two teens busted for hacking server of Seoul’s public bicycle service, leaking private data
Published: 23 Feb. 2026, 17:02
![Bicycles for Seoul’s public bicycle service Ttareungi are seen on a street in Yeongdeungpo District, western Seoul on Feb. 1. [YONHAP]](https://koreaseafood.online/data/photo/2026/02/23/d207fcdd-c2dc-4678-ba30-201101990c72.jpg)
Bicycles for Seoul’s public bicycle service Ttareungi are seen on a street in Yeongdeungpo District, western Seoul on Feb. 1. [YONHAP]
Two teenagers have been referred to prosecutors for allegedly hacking the server of Seoul’s public bicycle service Ttareungi and leaking approximately 4.62 million users’ personal information, police said Monday.
The Seoul Metropolitan Police Agency’s cyber investigation division sent the two juveniles to prosecutors without detention on charges of violating the Information and Communications Network Act, police said Monday. The two are accused of breaking into a Ttareungi server operated by the Seoul Facilities Corporation in June 2024.
The leaked information included account IDs, mobile phone numbers, addresses, dates of birth, gender and weight. Names and resident registration numbers were not compromised, police said.
Files believed to contain Ttareungi user data were found on electronic devices seized from one of the two teenage suspects during an investigation into a distributed denial-of-service attack on a personal mobility rental company in October 2024, according to police.
Investigators later identified a second suspect who allegedly communicated through Telegram and directed the hacking. The second suspect was taken into emergency custody and also faces charges of interfering with the mobility rental company's operations.
The two suspects are believed to have exploited a server vulnerability that allowed access to subscriber information without separate authentication. One suspect discovered the flaw and informed the other, who proposed dividing roles to collect personal data, police said.
![The Seoul Metropolitan Police Agency headquarters in Jongno District, central Seoul is seen in this file photo [JOONGANG ILBO]](https://koreaseafood.online/data/photo/2026/02/23/ee861985-a211-4e9d-a0a4-b4786c8cfd23.jpg)
The Seoul Metropolitan Police Agency headquarters in Jongno District, central Seoul is seen in this file photo [JOONGANG ILBO]
The two met online while studying information security and remained in contact.
One suspect told investigators he committed the crime to demonstrate his technical skills, police said.
The other suspect has refused to make statements during questioning. Police sought arrest warrants twice for this second teenage suspect, but prosecutors did not request warrants, citing the suspect’s status as a juvenile.
Police said they are examining possible motives, including the sale of personal data.
Separately, police are conducting a preliminary inquiry after the Seoul Metropolitan Government requested an investigation into officials at the Seoul Facilities Corporation, which operates the Ttareungi service, for alleged violations of the Personal Information Protection Act.
“We will coordinate with the Personal Information Protection Commission to establish preventive measures and minimize secondary damage,” a police official said. “Please exercise caution regarding unsolicited contact or suspicious financial transaction requests.”
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY OH SAM-GWON [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)