The recent revelation of a data breach at the popular messaging app Line has prompted the Japanese government to take action against the company’s parent organization, Naver. The government’s analysis has led to a directive calling for the separation of Line’s technology from Naver in order to address the security vulnerabilities that led to the breach.
Line’s journey to becoming a dominant messaging app in Asian markets, surpassing even WhatsApp in countries like Japan and Thailand, was marked by a series of mergers and acquisitions. The merger with Yahoo Japan in 2021, owned by SoftBank, further complicated Line’s business structure, with ownership divided between Japanese and South Korean tech giants. This convoluted ownership structure created a sprawling attack surface, with gaps in security that were exploited in the November 2023 data compromise affecting over 510,000 Line users.
The Japanese Ministry of Internal Affairs and Communications issued administrative guidance on Mar. 5, instructing Line and its parent companies to disentangle their technology and strengthen cybersecurity practices. The analysis by the ministry highlighted concerns about the reliance on Naver’s technology within the merged organization, known as LY Corp. Critics pointed to shared Active Directory between Naver and Line, as well as extensive access to Line’s network from Naver’s cloud services.
In response to the government’s directive, LY Corp. has committed to cooperating with the review of its cybersecurity practices and providing regular updates on progress. The Ministry emphasized the importance of proper management and supervision of outsourced parties to ensure security protocols are effectively implemented.
The regulators are calling for a comprehensive review of Naver and Line’s cybersecurity measures, with a focus on identifying and addressing weaknesses in their systems. The quarterly updates requested by the government will monitor the implementation of security improvements and track the progress of ongoing efforts to enhance data protection.
The collaborative approach between LY Corp. and the Japanese government signals a commitment to addressing the underlying issues that led to the data breach. By acknowledging the need for stronger cybersecurity measures and actively engaging with regulators, Line and its parent companies are taking steps to safeguard user data and mitigate future security risks.