LY Corporation, the company behind Line, one of the most popular social media platforms in Japan, recently confirmed that there has been a huge data breach of their systems.
The breach has resulted in the leakage of over 440,000 files, 300,000 of which are linked to the Line messaging app. Some of these files include personal information, such as email address, names, age groups, genders, and service usage history.
LY insists that the data has not been misused by anyone so far, but of course, we can’t say that for sure yet as details surrounding the breach are still a bit unclear.
Cause and Discovery of the Breach
The malware that enabled the unauthorized data access infiltrated an employee computer system at LY’s South Korea-based affiliate Naver Cloud. Since Naver Cloud’s system shares an authentication platform with LY's internal networks, the hackers were able to infiltrate LY's systems and access the data.
The company confirmed knowledge of the breach on October 29th but delayed making an announcement for roughly one month. LY explained the time lag was necessary to fully ascertain the breadth of the security failure before going public.
After the breach was discovered, LY Corporation blocked access to their external servers from the affiliate’s systems. This prevented their services from requesting information from their users.
However, the company has said that if you have been a victim of this breach, then don’t respond to any message or email that has been sent by LY Corporation as it could be a scam.
In a statement released on the company’s official site, LY said, "We sincerely apologize to our users and all relevant parties for any inconvenience or concern caused.” The company expressed regret in the statement, saying, “We deeply regret this incident and will do our best to prevent any reoccurrence."
LY pledged to individually contact all users, partners, and customers it deems potentially impacted or at risk due to the data theft. The company also reported the incident to Japan's communications ministry.
Preventing Future Attacks
LY did not elaborate on what specific actions it will take to shore up its security measures and prevent future attacks. The company also did not comment on whether it plans to offer credit monitoring or other protective services to impacted individuals.
It remains to be seen what LY will do to protect its users’ personal information in the future and how it will strengthen its systems to prevent a similar attack from happening again.