Photo/Illutration A sign of LY Corp., born through the merger of Line Corp. and Yahoo Japan Corp. (Junki Watanabe)

A cyberattack has caused a leak of hundreds of thousands of pieces of personal information about users of the popular Line messaging app, service provider LY Corp. said Nov. 27.

The hackers attacked a subcontractor of a subsidiary of South Korean information technology giant Naver Corp., a major shareholder of LY, which was created through the Oct. 1 merger of Line Corp. and Yahoo Japan Corp.

Line shares part of its systems infrastructure with Naver’s systems subsidiary. The subcontractor could access Line’s systems through the subsidiary.

So the hackers, through the attack on the subcontractor, gained access to about 440,000 pieces of personal information, LY said.

The company said 390,000 pieces of information have been confirmed leaked. 

Around 250,000 of the confirmed leaks and 50,000 potential leaks contained information about Line users, including 130,000 in Japan.

More than 20 types of personal information have been leaked, including the user’s country, age, gender, frequency of call use and stamp purchase history.

The Line app has 95 million users.

LY said messages sent through the Line app as well as bank account and credit card information have not been leaked.

“We apologize sincerely and deeply,” the company said in a statement.

LY said about 20,000 pieces of information illegally accessed fall under the “secrecy of communication” category as defined by the Constitution.

The information included in-house “identifiers” that Line assigns to users for management purposes.

LY said hackers could gain individual users’ names and other personal information by technically analyzing the identifiers.

In addition, about 86,000 pieces of information on LY’s business partners and about 51,000 pieces of information on LY and Naver employees were leaked.

Those leaks consisted mainly of email addresses, but some included the names of employees and their companies.

Unauthorized access to Line’s systems through Naver’s subsidiary started on Oct. 9.

LY started an investigation on Oct. 17. It blocked access and took other countermeasures on Oct. 27.

The company said it will consider reviewing Line’s use of the systems infrastructure shared with Naver’s subsidiary.

The incident has been reported to the communications ministry and the Personal Information Protection Commission.

LY said it has received no reports of secondary damage to users or business partners, but it plans to individually contact users who may have been affected.

In 2021, Line came under criticism for lax management of personal information after it was discovered that employees of a subcontractor in China could access information on users of the app, such as names and phone numbers.

In August, Yahoo Japan received administrative guidance from the communications ministry for providing users’ location data to Naver for the development of a search engine.

(This article was written by Junki Watanabe and Shuhei Shibata.)

Related News