Notifications

Clear all

Coupang breach and cloud identity risk: what IAM teams missed

Last Post

RSS

Unosecur

(@unosecur)

Honorable Member

Joined: 1 year ago

Posts: 188

Topic starter 24/06/2026 8:44 pm

TL;DR: Coupang disclosed unauthorized access affecting 33.7 million customer accounts, with exposed names, contact details, and order information, while the attack path remains undisclosed and the incident persisted for months, according to Unosecur. The real issue is not malware versus insider activity, but how cloud identity governance allows access to outlive visibility, review, and offboarding.

NHIMG editorial — based on content published by Unosecur: Coupang Data Breach and what it reveals about identity risk in cloud environments

By the numbers:

80% of recent cloud incidents were linked to identity-related issues, such as excessive permissions, misconfigurations, and poorly governed identities.
Only 44% of companies ensure that all access rights are revoked within 24 hours of an employee’s departure.
Around 59% of companies report experiencing a data breach related to poorly managed offboarding processes.

Questions worth separating out

Q: What breaks when cloud access is not revoked quickly enough?

A: The breach window stays open after the business relationship has ended.

Q: Why do cloud breaches so often come back to identity and access management?

A: Cloud platforms rely on identity for nearly every privileged action, so weak governance turns access itself into the attack path.

Q: How do organisations know whether offboarding is actually working?

A: They measure revocation speed, session termination, key invalidation, and third-party access removal after a departure or role change.

Practitioner guidance

Tighten revocation SLAs for all departures Set a measurable SLA for revoking human, vendor, and service access after role change or exit.
Review effective access, not assigned roles Inventory cloud identities and compare assigned permissions with actual usage, inherited entitlements, and dormant sessions.
Correlate identity events with data access Join IAM, cloud audit, and data telemetry to spot unusual persistence, atypical dataset access, and privilege use that does not match the expected function.

What's in the full article

Unosecur's full blog post covers the operational detail this post intentionally leaves for the source:

The company’s own breakdown of the disclosure timeline, including when unauthorized access was identified and how long it may have persisted.
The vendor’s discussion of cloud identity risk signals, including offboarding weaknesses, insider-risk considerations, and identity-first exposure patterns.
The identity security platform framing used by Unosecur to explain how it maps human and non-human identities in cloud environments.
The incident FAQ section that ties the breach to identity control failures and suggested operational responses.

👉 Read Unosecur’s analysis of the Coupang data breach and cloud identity risk →

Coupang breach and cloud identity risk: what IAM teams missed?

Explore further

View Full Forum → | NHI Foundation Course → | Our Services →

Quote

Topic Tags

Forum Statistics

9 Forums

8,535 Topics

14.5 K Posts

131 Online

135 Members

Latest Post: Identity fraud and resident accounts: what IAM teams need to change Our newest member: Alex Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies