Nationwide breach exposes vulnerabilities in low-cost IP cameras as investigators trace illicit footage to overseas adult website
South Korean police have taken four people into custody for allegedly breaching more than 120,000 internet-linked cameras placed in homes and commercial spaces. Investigators say the group broke into the devices by taking advantage of simple passwords and other basic security gaps, then used the intercepted footage to produce sexually explicit material for a foreign adult website. The incident has deepened public worries about digital privacy in a nation long troubled by camera-related crimes.
The National Police Agency reported that compromised cameras were located in homes, clinics, karaoke rooms, fitness studios, and other private facilities. One suspect alone was alleged to have infiltrated over 63,000 cameras, producing more than 500 illegal videos and earning substantial profits from selling the material. Authorities noted that the scale and locations of the breach reflect a growing threat to everyday surveillance devices.
How the Hackers Exploited IP Cameras
The hackers primarily targeted low-cost IP cameras, also known as home cameras, which are widely used for monitoring children, elderly family members, or small businesses. Unlike closed-circuit systems, IP cameras connect directly to the internet, allowing remote access through smartphones. This convenience, police warn, becomes a weakness when users rely on default or simple passwords such as “0000” or “1234,” making the devices easy to breach.
Investigators said the four suspects worked independently, even though their methods and the website they used overlapped. The two most active offenders were responsible for more than 60 percent of all illegal uploads to the foreign site over the past year. Another suspect reportedly hacked around 15,000 cameras, while a fourth accessed about 136 devices and stored footage privately.
Wide Range of Victims and Locations
The stolen footage included scenes from highly sensitive spaces, such as gynecology clinics, Pilates studios, clothing stores, and private living rooms. Police said many victims had installed cameras for safety or convenience, unaware that their live feeds could be intercepted and repurposed overseas. Investigators indicated that many of the targeted devices were used by women, contributing to what they described as “systematic targeting.”
Authorities confirmed that none of the suspects retained financial gains at the time of arrest. Police are now working with the National Tax Service to impose penalties, including potential taxes on illegal earnings.
Support for Victims and Ongoing Investigations
Police have already contacted 58 confirmed victim locations, providing guidance on changing passwords and securing devices. Dedicated case officers will assist victims with requesting deletion of illegal videos and blocking further circulation. The National Police Agency is also directing victims to the Digital Sex Crime Victim Support Center for counseling and legal assistance.
Alongside the four main arrests, police detained three individuals who purchased or viewed the illegal content. Authorities stressed that consumption of unlawfully filmed material is a criminal offense, and further investigations into buyers are underway. Efforts are ongoing with foreign agencies to identify and dismantle the website responsible for hosting the videos.
A Long-Standing National Challenge
Officials noted that South Korea has battled digital sex crimes for more than a decade. Between 2011 and 2022, nearly 50,000 arrests were made for producing or distributing illicit footage. Experts say the hacking of home cameras reflects an evolution in these crimes: rather than planting hidden devices, perpetrators now exploit everyday technologies connected to the internet.
The case also mirrors global trends. Similar large-scale breaches have occurred in China, Israel, and the United States, where vulnerabilities in internet-connected cameras have been exploited for surveillance or illicit content sharing.
Efforts to Strengthen Device Security
In response to the incident, authorities urged users to adopt strong passwords—at least eight characters with symbols—and update them regularly. They also advised frequent software updates and avoiding default login credentials. The Ministry of Science and ICT announced it is reviewing regulatory changes that would prevent IP cameras from operating unless users set complex passwords.
Officials warn that as long as weakly protected devices remain connected to the internet, they will continue to attract hackers. The recent arrests, they said, highlight the need for both stronger consumer awareness and industry-wide security improvements.
