LY Corporation, the operator of the LINE secure messenger, has disclosed a massive data breach caused by a malware attack on service provider NAVER Cloud.
LINE is a popular communication platform with widespread use across Asia, especially in Japan. The app offers text, voice, video calls, group chats, and end-to-end encrypted messages. LINE has 500 million downloads on Google Play alone.
A notice and apology published today on LY Corporation’s website explains that malware infected a computer used by an employee of NAVER Cloud, with whom the firm shares in-house systems for internal management. The malware was leveraged by an intruder on October 9, 2023, to extend their access to other systems on the network. The breach was first detected on October 17 and was eventually confirmed on October 27 following an internal investigation.
At that time, LY Corporation reset all employee passwords and cut off the hackers’ access to the compromised servers. However, the data breach was non-reversible.
The incident has resulted in the exposure of the following:
- 302,569 data records of LINE users, including 129,894 users from Japan. Includes service history, internal identifiers, and info on privacy settings. Does not include bank or credit card information, or messages exchanged through the LINE app.
- 86,105 records of business partners, including their names and email addresses.
- 51,353 records relating to employees and other personnel, including their full names, ID numbers, and email addresses. Of those, 60% belong to LY Corporation, and the remainder 40% impact NAVER employees.
The company has also published a document listing all available details about the leaked information, the number of records, what data types these records concern, etc., so potentially affected users should review it to appreciate the exact impact the incident has on them.
Although LY Corporation has no evidence that a threat actor has misused the above information, it is individually notifying impacted users and business partners of the data breach. Moreover, the company took aggressive measures to prevent any unauthorized system access in the future, and informed the authorities of the incident.
Recipients of the data breach notices are advised to remain vigilant against unsolicited communications, most notably, phishing messages claiming to originate from LY Corporation, asking users to send more information under the pretext of the security incident.