HomeRisk ManagementsJapan: Cleaning Up Post-Merger Tech Sprawl Following Line Breach

Japan: Cleaning Up Post-Merger Tech Sprawl Following Line Breach

Published on

spot_img

The recent revelation of a data breach at the popular messaging app Line has prompted the Japanese government to take action against the company’s parent organization, Naver. The government’s analysis has led to a directive calling for the separation of Line’s technology from Naver in order to address the security vulnerabilities that led to the breach.

Line’s journey to becoming a dominant messaging app in Asian markets, surpassing even WhatsApp in countries like Japan and Thailand, was marked by a series of mergers and acquisitions. The merger with Yahoo Japan in 2021, owned by SoftBank, further complicated Line’s business structure, with ownership divided between Japanese and South Korean tech giants. This convoluted ownership structure created a sprawling attack surface, with gaps in security that were exploited in the November 2023 data compromise affecting over 510,000 Line users.

The Japanese Ministry of Internal Affairs and Communications issued administrative guidance on Mar. 5, instructing Line and its parent companies to disentangle their technology and strengthen cybersecurity practices. The analysis by the ministry highlighted concerns about the reliance on Naver’s technology within the merged organization, known as LY Corp. Critics pointed to shared Active Directory between Naver and Line, as well as extensive access to Line’s network from Naver’s cloud services.

In response to the government’s directive, LY Corp. has committed to cooperating with the review of its cybersecurity practices and providing regular updates on progress. The Ministry emphasized the importance of proper management and supervision of outsourced parties to ensure security protocols are effectively implemented.

The regulators are calling for a comprehensive review of Naver and Line’s cybersecurity measures, with a focus on identifying and addressing weaknesses in their systems. The quarterly updates requested by the government will monitor the implementation of security improvements and track the progress of ongoing efforts to enhance data protection.

The collaborative approach between LY Corp. and the Japanese government signals a commitment to addressing the underlying issues that led to the data breach. By acknowledging the need for stronger cybersecurity measures and actively engaging with regulators, Line and its parent companies are taking steps to safeguard user data and mitigate future security risks.

Source link

Latest articles

FortiBleed Credential Theft Connected to INC and Lynx Ransomware Activities

The newly uncovered FortiBleed campaign has raised significant security alarms within the cybersecurity community,...

Pegasus Spyware Targets European Parliament Member Investigating Spyware Misuse

A recently unveiled forensic investigation has shed light on a serious breach of privacy...

Qilin Leads the Ransomware Market, According to Infosecurity Magazine

The ransomware ecosystem is undergoing significant transformation, shifting from fragmentation toward a phase of...

New NetScaler Vulnerability Similar to CitrixBleed Under Active Exploitation

Smaller Leak But Still Dangerous: A New Vulnerability in Citrix Technologies In a recent security...

More like this

FortiBleed Credential Theft Connected to INC and Lynx Ransomware Activities

The newly uncovered FortiBleed campaign has raised significant security alarms within the cybersecurity community,...

Pegasus Spyware Targets European Parliament Member Investigating Spyware Misuse

A recently unveiled forensic investigation has shed light on a serious breach of privacy...

Qilin Leads the Ransomware Market, According to Infosecurity Magazine

The ransomware ecosystem is undergoing significant transformation, shifting from fragmentation toward a phase of...