Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.
Japan on Line Breach: Clean Up Post-Merger Tech Sprawl
A Japanese ministry blames a shared Active Directory between merged tech companies Line and South Korea's Naver for a massive data breach last November.
Analysis by the Japanese government of a recent data breach at the widely popular Asian messaging application Line has resulted in a directive for the organization to break up its technology from parent company Naver.
A series of megamergers in recent years resulted in Line becoming more popular than WhatsApp in countries like Japan and Thailand, under the control of South Korean tech giant Naver. Then making matters worse, in 2021, Line merged with Yahoo Japan, which is owned by SoftBank, leaving Line's business divided between the Japanese SoftBank and South Korean Naver. It all left behind a rambling combined technology footprint that provided a gappy, sprawling attack surface which ultimately led to the November 2023 data compromise of more than 510,000 Line users, according to new administrative guidance issued by the Japanese Ministry of Internal Affairs and Communications on Mar. 5.
Somewhere along the megamerger way, Naver and SoftBank decided to join up to try to create an Asian technology juggernaut, called LY Corp, to rival Google and Amazon, according to Nikkei Asia. The problem, according to the analysis by the Japanese ministry, is that the merged organization, which includes Line as well as other services, has relied too heavily on Naver's technology. Among criticisms of Naver and Line's cybersecurity practices is the presence of a shared Active Directory between them, as well as the Naver cloud's "extensive access" to Line's network, the Register reported.
"It is necessary to make appropriate considerations for reviewing the management of your company, including your parent company, in order to make the management and supervision of outsourced parties function properly," the Ministry said in its final report to LY Corp.
The government regulators are calling for a review of both Naver and Line's cyber practices, as well as regular quarterly updates on their progress.
LY Corp. has agreed to cooperate with the Japanese government's requests, it said.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024