Japan on Line Breach: Clean Up Post-Merger Tech Sprawl

We Keep you Connected

Japan on Line Breach: Clean Up Post-Merger Tech Sprawl

Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.
A Japanese ministry blames a shared Active Directory between merged tech companies Line and South Korea’s Naver for a massive data breach last November.
March 6, 2024
Analysis by the Japanese government of a recent data breach at the widely popular Asian messaging application Line has resulted in a directive for the organization to break up its technology from parent company Naver.
A series of megamergers in recent years resulted in Line becoming more popular than WhatsApp in countries like Japan and Thailand, under the control of South Korean tech giant Naver. Then making matters worse, in 2021, Line merged with Yahoo Japan, which is owned by SoftBank, leaving Line's business divided between the Japanese SoftBank and South Korean Naver. It all left behind a rambling combined technology footprint that provided a gappy, sprawling attack surface which ultimately led to the November 2023 data compromise of more than 510,000 Line users, according to new administrative guidance issued by the Japanese Ministry of Internal Affairs and Communications on Mar. 5.
Somewhere along the megamerger way, Naver and SoftBank decided to join up to try to create an Asian technology juggernaut, called LY Corp, to rival Google and Amazon, according to Nikkei Asia. The problem, according to the analysis by the Japanese ministry, is that the merged organization, which includes Line as well as other services, has relied too heavily on Naver's technology. Among criticisms of Naver and Line's cybersecurity practices is the presence of a shared Active Directory between them, as well as the Naver cloud's "extensive access" to Line's network, the Register reported.
"It is necessary to make appropriate considerations for reviewing the management of your company, including your parent company, in order to make the management and supervision of outsourced parties function properly," the Ministry said in its final report to LY Corp.
The government regulators are calling for a review of both Naver and Line's cyber practices, as well as regular quarterly updates on their progress.
LY Corp. has agreed to cooperate with the Japanese government's requests, it said.
Dark Reading Staff
Dark Reading
Dark Reading is a leading cybersecurity media site.
You May Also Like
Assessing Your Critical Applications’ Cyber Defenses
Unleash the Power of Gen AI for Application Development, Securely
The Anatomy of a Ransomware Attack, Revealed
How To Optimize and Accelerate Cybersecurity Initiatives for Your Business
Building a Modern Endpoint Strategy for 2024 and Beyond
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Industrial Networks in the Age of Digitalization
Zero-Trust Adoption Driven by Data Protection
How Enterprises Assess Their Cyber-Risk
AI-Driven Testing: Bridging the Software Automation Gap
The Rise of the No-Code Economy
The State of Incident Response
A Solution Guide to Operational Technology Cybersecurity
Endpoint Best Practices to Block Ransomware
2023 Snyk AI-Generated Code Security Report
Understanding AI Models to Future-Proof Your AppSec Program
Cybersecurity’s Hottest New Technologies – Dark Reading March 21 Event
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.