The mobile payment provider LINE Pay disclosed recently that over 100,000 of their user’s data, payment details, and information were accidentally posted on GitHub from September to November of 2021.
Numerous files detailing its customers in a LINE Pay promo that happened between December 2020 to the early weeks of April 2021 were unintentionally inputted to the cross-sectoral coding manager by an analyst group employee. The researchers explained that crucial details and information were leaked and exposed accidentally by the employees, including the number of transactions, date, time, franchise store identification numbers, and premium users.
However, although details such as customers’ names, addresses, phone numbers, credit card info, and bank account numbers were not leaked, threat actors can easily exploit this information using the exposed available details mentioned above.
Researchers also revealed that three countries were majorly affected by the current LINE Pay incident, including Japan, Taiwan, and Thailand.
Over 50,000 Japanese users’ information was exposed, and about 80,000 to Taiwanese and Thai app users. Moreover, it was revealed that during the data exposure, it was visited and accessed 11 times by unknown entities. Researchers believed that in those 11 visitors, some of them might be threat actors that successfully gathered leaked data that can be used for future attacks.
Fortunately, the leaked information has been immediately removed, and the company has notified all LINE users. The fintech division of the communication app company has then released an apology to users and assured everyone that they would train their employees better.
Last July, over a hundred political personalities who used the LINE messaging app extracted their data when a cyberattack successfully turned off encryption functions. Additionally, in March of 2021, a researcher’s concern over the application made Japanese officials order their people to stop using the LINE app because some of their data has made it to China.
Nonetheless, the LINE company assured every user that they would aggressively improve their systems and performance moving forward.
