Following a recent data breach at Line, a popular Asian messaging application, the Japanese government has conducted an analysis that has resulted in a directive for the organization to separate its technology from parent company Naver. This move comes in response to a significant data compromise that affected over 510,000 Line users in November 2023.
Line, which became more popular than WhatsApp in countries like Japan and Thailand, had been under the control of South Korean tech giant Naver. However, in 2021, Line merged with Yahoo Japan, owned by SoftBank, creating a complex corporate structure involving both Japanese and South Korean entities. This merger led to a convoluted technology footprint, leaving Line vulnerable to cyberattacks.
According to the Japanese Ministry of Internal Affairs and Communications, the merged organization, including Line and other services, had become overly reliant on Naver’s technology. Criticisms included the presence of a shared Active Directory between Naver and Line, as well as extensive access by Naver’s cloud to Line’s network. The ministry identified these security flaws and issued administrative guidance on Mar. 5, calling for a separation of technology to enhance cybersecurity practices.
In an effort to address these concerns, Naver and SoftBank had previously joined forces to create LY Corp, aiming to establish an Asian technology powerhouse to compete with global giants like Google and Amazon. However, the Japanese government’s analysis highlighted shortcomings in cybersecurity practices within the merged organization, prompting the directive for a technology separation.
The Ministry emphasized the importance of proper management and supervision of outsourced parties, including parent companies, to ensure the security of user data. As part of the directive, LY Corp is required to review its cyber practices and provide quarterly updates on improvements to government regulators.
LY Corp has expressed its willingness to cooperate with the Japanese government’s requests, indicating a commitment to addressing the cybersecurity issues highlighted in the analysis. Moving forward, closer scrutiny of Naver and Line’s technology infrastructure is expected, as authorities work to strengthen defenses against potential cyber threats.
Overall, the directive for a technology separation serves as a proactive measure to safeguard user data and strengthen cybersecurity measures within Line and its affiliated services. By addressing vulnerabilities and enhancing oversight of technology practices, the organization aims to rebuild trust with users and prevent future data breaches.