Gmarket, one of South Korea’s largest e-commerce platforms, will fully reimburse customers affected by a spate of unauthorized purchases, as concerns rise nationwide over account-theft incidents targeting major online retailers.
The company said all users who reported suspicious transactions will receive full refunds, and staff will guide them through compensation procedures and police filings. Gmarket described the move as a “proactive, moral measure” aimed at protecting consumers and curbing digital-fraud crimes.
Gmarket said its internal investigation found no evidence of hacking or system breaches. Instead, it believes criminals used login credentials and payment PINs stolen from unrelated external sources, taking advantage of the widespread tendency to reuse the same ID and password across multiple websites.
To mitigate further damage, Gmarket has rolled out immediate security enhancements. Customers who have not updated their passwords in the past month are being prompted to change them, with alerts placed throughout login pages and customer-service channels. The company is also urging users to activate two-factor authentication, while certain high-risk categories — such as digital gift cards, which can be easily resold — now require stronger identity verification.
The incident surfaced on Nov. 29 after users reported unauthorized purchases of digital gift cards. Roughly 60 customers were affected, with individual losses ranging from about $22 to $150. Although the amounts fall below South Korea’s threshold for mandatory reporting, Gmarket said it voluntarily notified financial regulators amid heightened public concern following Coupang’s recent large-scale data breach.
Gmarket said it is cooperating with law-enforcement authorities to determine how attackers obtained customer information and to prevent further intrusions.
“We are prioritizing customer safety and will continue strengthening our security to prevent any future unauthorized access or phishing-related damage,” a company spokesperson said.
