On the morning of June 3, 2026, millions of South Koreans awoke to an unsettling notification: 티빙 (TVING), the nation’s largest online video streaming platform, had suffered a major data breach. The incident, which occurred on June 2, exposed a wide array of sensitive user information, triggering widespread concern about digital privacy and the robustness of cybersecurity at some of Korea’s leading tech companies.
According to multiple reports from 연합인포맥스, 전자신문, 중앙일보, 경향신문, and 연합뉴스TV, an unidentified hacker gained unauthorized access to 티빙’s user database. The breach resulted in the external transfer of files containing personal data. The compromised information includes user IDs, names, dates of birth, gender, unique identification values such as CI (connection information) and DI (duplicate subscription confirmation information), partially encrypted phone numbers and email IDs, encrypted refund account numbers, and hashed passwords. While 티빙 clarified that resident registration numbers and valid payment information were not leaked—since the company does not store them—the exposure of CI and DI, which are used for personal verification, has raised particular alarm among privacy advocates.
In an official notice posted on its website and mobile app, 티빙 stated, “We have confirmed that personal information of members was leaked due to unauthorized access.” The company added, “To prevent possible damage, we recommend changing your password for 티빙 and any other services where you use the same credentials.”
After detecting the breach, 티빙 moved quickly to block the attacker’s IP address, modify its cloud access control policies, and bolster monitoring of database access. The company also established a dedicated customer service center to support affected users and began cooperating with the Korea Internet & Security Agency (KISA) and the Personal Information Protection Commission to investigate the incident. “We are thoroughly checking the cause and scope of the incident while prioritizing customer protection,” a 티빙 representative explained, promising that “all confirmed facts will be disclosed transparently.”
But the damage may already be done. With an estimated five million paid subscribers and 7.7 million monthly active users, 티빙’s breach has the potential to impact a significant portion of the South Korean population. As reported by 전자신문, the exact number of affected users remains undisclosed, but the inclusion of unique identifiers like CI and DI in the leaked data has experts warning of possible secondary damages, such as identity theft or targeted phishing attacks.
The timing of the breach has amplified its impact. Just recently, another CJ Group affiliate was embroiled in a separate internal leak involving the personal information of over 330 current and former female employees. That incident, believed to have been perpetrated by someone with intranet access, exposed not only basic personal details but also sensitive family photos, causing significant distress among victims. The back-to-back nature of these incidents has put CJ Group’s overall security management under intense scrutiny.
Security experts interviewed by 중앙일보 and 경향신문 pointed out that the 티빙 breach highlights vulnerabilities in both external threat defense and internal access monitoring at CJ Group. “Given the size of 티빙’s subscriber base, the ripple effects of this leak could be considerable,” one anonymous cybersecurity specialist noted. “Depending on the findings, 티빙 could become the first major test case for the amendments to the Personal Information Protection Act coming into effect this September.” These amendments will allow privacy regulators to impose fines of up to 3% of a company’s total sales for data breaches—a potentially hefty penalty for a platform of 티빙’s scale.
For many users, the most pressing question is what practical steps they should take to safeguard their data. 티빙 has advised all members to change their passwords, especially if they use the same credentials for other services. The company has also set up a hotline and dedicated email address for damage reports, promising to assist victims through the remediation process. “We deeply apologize for the concern caused by the personal information leak,” 티빙 said in its statement, adding that further guidance on compensation and additional measures would be provided as the investigation continues.
This is not the first time 티빙 has faced cybersecurity challenges. In December 2025, the platform detected and blocked a credential stuffing attack, where hackers attempted to log in using credentials obtained from breaches of other services. At that time, 티빙 reported no data leak, but the incident served as a warning about the constant threat landscape facing online platforms.
The broader context only adds to the sense of urgency. Last year, e-commerce giant Coupang was called before the National Assembly after leaking the personal information of more than 33 million users. The ensuing outcry led to widespread criticism and demands for stiffer corporate accountability. With the new privacy law amendments looming, industry observers believe that CJ Group and 티빙 may soon face similar scrutiny, both from regulators and the public.
For now, 티빙’s immediate response has been to reinforce its security posture and work closely with government agencies. The company stated, “We will fully cooperate with the government and related organizations and do our utmost to prepare measures to prevent a recurrence.” Yet, as the scale and consequences of the breach come into sharper focus, many are left questioning whether these steps will be enough to restore trust in the platform—and in the broader ecosystem of digital services that have become so deeply woven into daily life.
As the investigation unfolds and users await further updates, one thing is clear: the 티빙 breach is a stark reminder of the persistent vulnerabilities in the digital age, and the urgent need for companies to treat data protection as a top priority, not just an afterthought.