Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Coupang breach and cloud identity risk: what IAM teams missed


(@unosecur)
Honorable Member
Joined: 1 year ago
Posts: 188
Topic starter  

TL;DR: Coupang disclosed unauthorized access affecting 33.7 million customer accounts, with exposed names, contact details, and order information, while the attack path remains undisclosed and the incident persisted for months, according to Unosecur. The real issue is not malware versus insider activity, but how cloud identity governance allows access to outlive visibility, review, and offboarding.

NHIMG editorial — based on content published by Unosecur: Coupang Data Breach and what it reveals about identity risk in cloud environments

By the numbers:

Questions worth separating out

Q: What breaks when cloud access is not revoked quickly enough?

A: The breach window stays open after the business relationship has ended.

Q: Why do cloud breaches so often come back to identity and access management?

A: Cloud platforms rely on identity for nearly every privileged action, so weak governance turns access itself into the attack path.

Q: How do organisations know whether offboarding is actually working?

A: They measure revocation speed, session termination, key invalidation, and third-party access removal after a departure or role change.

Practitioner guidance

What's in the full article

Unosecur's full blog post covers the operational detail this post intentionally leaves for the source:

  • The company’s own breakdown of the disclosure timeline, including when unauthorized access was identified and how long it may have persisted.
  • The vendor’s discussion of cloud identity risk signals, including offboarding weaknesses, insider-risk considerations, and identity-first exposure patterns.
  • The identity security platform framing used by Unosecur to explain how it maps human and non-human identities in cloud environments.
  • The incident FAQ section that ties the breach to identity control failures and suggested operational responses.

👉 Read Unosecur’s analysis of the Coupang data breach and cloud identity risk →

Coupang breach and cloud identity risk: what IAM teams missed?

Explore further

View Full Forum →  |  NHI Foundation Course →  |  Our Services →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Cloud identity governance fails when organisations assume access can be reviewed after the fact. Coupang’s disclosure shows the more dangerous pattern: unauthorized access can persist long enough to move through normal business data paths before anyone notices. That is not a perimeter failure. It is a governance failure in how cloud access is granted, observed, and revoked.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which helps explain why identity abuse can persist unnoticed in cloud environments.

A question worth separating out:

Q: Who is accountable when unauthorized access persists in a cloud environment?

A: Accountability sits with the team that owns identity lifecycle, access governance, and the systems that issue or retain privileges. In practice that usually means IAM, cloud security, and the business owner of the access path must share responsibility for revocation, review, and monitoring.

👉 Read our full editorial: Coupang data breach shows cloud identity risk outlasting controls



   
ReplyQuote
Share: