Line app allowed Chinese firm to access personal user data
In a press conference today, the Japanese government announced it was investigating the parent company behind the Line instant messaging app after a local newspaper reported that engineers at one of the app's Chinese contractors accessed the messages and personal details of Line users.
According to Japanese newspaper The Asahi Shimbun, four Chinese engineers accessed Line's infrastructure and viewed messages and personal information of Line users, such as names, phone numbers, email addresses, and Line IDs.
The four engineers worked for a yet-to-be-named Shanghai-based software firm that the LINE Corporation had subcontracted to develop artificial intelligence-based services for the Line application.
The four engineers are said to have accessed Line user data on 32 different occasions since August 2018.
A bigger breach to be discovered?
Most of Line's 86 million userbase is made up of Japanese users, and the Asian country has very strict data and privacy protection regulations. Under these regulations, companies like Line must inform users when their data has been accessed by a third-party or stored overseas.
Government officials are now investigating the company for privacy regulations breaches and for failing to disclose the unauthorized accesses in its transparency report.
In a statement for Asahi Shimbun reporters, Line said it wasn't aware of the breach prior to reporters reaching out and cut off the contractors access soon after, on February 24.
Privacy experts also warn that it is currently unclear how many users have been impacted by these illegal accesses, and a bigger security breach could be discovered in the future.
Both the LINE Corporation and Z Holdings Group published apologies on their websites.
The Z Holdings Group, a SoftBank subdivision, merged with the LINE Corporation at the start of March 2021, as part of SoftBank's plans to consolidate its presence on Japanese personal communications market.
Catalin Cimpanu
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.