Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

A Japanese ministry blames a shared Active Directory between merged tech companies Line and South Korea's Naver for a massive data breach last November.

Dark Reading Staff, Dark Reading

March 6, 2024

2 Min Read
Line and WhatsApp chat application windows displayed on computer screen
Source: dolphyn via Alamy Stock Photo

Analysis by the Japanese government of a recent data breach at the widely popular Asian messaging application Line has resulted in a directive for the organization to break up its technology from parent company Naver.

A series of megamergers in recent years resulted in Line becoming more popular than WhatsApp in countries like Japan and Thailand, under the control of South Korean tech giant Naver. Then making matters worse, in 2021, Line merged with Yahoo Japan, which is owned by SoftBank, leaving Line's business divided between the Japanese SoftBank and South Korean Naver. It all left behind a rambling combined technology footprint that provided a gappy, sprawling attack surface which ultimately led to the November 2023 data compromise of more than 510,000 Line users, according to new administrative guidance issued by the Japanese Ministry of Internal Affairs and Communications on Mar. 5.

Somewhere along the megamerger way, Naver and SoftBank decided to join up to try to create an Asian technology juggernaut, called LY Corp, to rival Google and Amazon, according to Nikkei Asia. The problem, according to the analysis by the Japanese ministry, is that the merged organization, which includes Line as well as other services, has relied too heavily on Naver's technology. Among criticisms of Naver and Line's cybersecurity practices is the presence of a shared Active Directory between them, as well as the Naver cloud's "extensive access" to Line's network, the Register reported.

"It is necessary to make appropriate considerations for reviewing the management of your company, including your parent company, in order to make the management and supervision of outsourced parties function properly," the Ministry said in its final report to LY Corp.

The government regulators are calling for a review of both Naver and Line's cyber practices, as well as regular quarterly updates on their progress.

LY Corp. has agreed to cooperate with the Japanese government's requests, it said.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights