Line mobile messaging app hit by systems breach, thousands of accounts leaked

Supply Chain
(Image credit: / TMLsPhotoG)

Line, the largest messaging app in Japan, suffered a data breach as a result of a supply chain attack that saw hackers steal sensitive data belonging to hundreds of thousands of users, business partners, and employees. 

A report from Cybernews flagged a breach notification letter from app operators LY Corporation being sent to affected users earlier this week. 

In the letter, it was said that the security team spotted the intrusion on October 17, with the attack itself probably taking place a week earlier, on October 9.

No reports of data misuse (yet)

The hackers breached the Line app through an affiliate company - NAVER. Line uses its Cloud Corporation system, and was compromised when an employee of the affiliate company infected their PC with malware. 

Unnamed hackers walked away with all kinds of sensitive data. In total, 440,000 personal data entries were taken, including at least 300,000 ones of app users.

App users have had call page activity, call termination types, talk room details (country, gender, age group, OS of the participants all included), content posting details (times, dates, total followers, etc.) stolen.  

Compromised employee data, meanwhile, includes full names, employee ID numbers, and email addresses. For business partners, they stole more than 86,000 email addresses. 

Financial and banking data was not taken, the company added. Chat messages remained secure, as well.

“We have received no reports of any secondary damage caused, including the misuse of information of users and business partners, but we will continue to conduct investigations and take prompt actions should necessary measures be required,” the company said in its notice. Affected individuals should be vigilant, as this type of data is ideal for running phishing or identity theft scams.

Line is also popular in the wider Asian market (Taiwan, Thailand, Indonesia). Cybernews claims it has more than 176 million monthly active users all over the world.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.