Hands on keyboard showing Line messaging app data breach

Data Breach on the Largest Japanese Messaging App Line Leaks 440K Records

Japanese tech giant LY Corporation has disclosed it leaked data of hundreds of thousands of individuals via a Line messaging app data breach.

LY Corp. was formed after the merger of Z Holdings, formerly Yahoo Japan, and Line Corporation, finalized in October 2023.

According to data breach letters LY Corp. sent to potential victims, the cyber intrusion occurred on October 9 and was detected on October 17, 2023.

The internet behemoth launched an investigation that determined hackers gained unauthorized access after breaching a South Korea-based affiliate NAVER Cloud when malware infected a computer owned by a subcontractor’s employee.

The companies share a personnel management system with a common authentication system, which was likely leveraged in the attack.

Messaging app Line data breach leaked extensive personal information

LY Corp. disclosed that the data breach leaked 440,000 items of personal data, including users’ age group, gender, and partial service usage histories.

The Line app data breach also leaked approximately 86,000 business partners’ data items, including email addresses, names, and affiliations, and over 51,000 employee records, including ID numbers and email addresses.

However, the Line messaging app data breach did not expose confidential chat messages, bank account details, or credit card information. So far, the app operator has received no reports of “secondary damage caused, including the misuse of information of users and business partners.”

“This breach serves as a crucial reminder of the risks associated with third-party users access – especially as third-party attacks increasingly infiltrate larger enterprises’ systems,” stated Almog Apirion, CEO and Co-Founder of Cyolo. “Further, the exposure of sensitive information of partners and employees raises concerns about the potential ripple effects with victims and organizations vulnerable to additional attacks.”

The Japanese internet giant said it took necessary steps to block external access to user data and reported the data breach to Japan’s communications ministry. The company is also contacting users, employees, partners, and customers whose information was illegally accessed.

LY dispatched the breach notification messages in English, Japanese, Bahasa Indonesia, Thai, and traditional Chinese. Line app has over 90 million users in Japan and another 100 million outside the country, including Taiwan, Thailand, and Indonesia, where it is also popular.

Despite blocking Line access in mainland China, the messaging app is still popular in Hong Kong and Taiwan, where the traditional Chinese language is common.

A previous security issue occurred in 2021 when the messaging app was accused of having inadequate controls over how engineers at its Chinese subsidiary could access Japanese users’ data.

The government vowed to investigate Line and recommend policy changes to assist the messaging app in complying with Japanese privacy laws, which require companies to notify users when sending personal data overseas.

Many countries, including the United States, perceive social media data access as a national security risk, afraid that adversaries could leverage the information for targeted disinformation and surveillance.

Messaging apps under threat

LY Corp. has not disclosed the intruder’s identity or motive, and it remains unclear if the Line data breach is linked to the Chinese incident.

Messaging apps have frequently been targeted by cybercriminals or inadvertently leaked user data. In July 2023, Tigo, an Android and iPhone messaging app, leaked over 100,000,000 chats online.

In November 2022, a hacker listed a WhatsApp database of nearly 500 million users on BreachedForums. Check Point Research corroborated the Cybernews’ report despite the Meta-owned company denying the alleged data breach.

Similarly, the encrypted chat app Signal notified 1,900 individuals in August 2022 that Twilio hackers had accessed their accounts.

“Zero-trust capabilities, such as identity enforcement measures, are crucial to enabling secure third-party access and attaining control and visibility over critical systems,” noted Apirion. “Through greater identity access management procedures, organizations can bolster the protection of critical assets, systems and most importantly, people’s information.”