- LINE Pay reported that a research group employee accidentally uploaded 133,000 users' payment information on GitHub.
- The leaked data was accessed 11 times during the ten weeks it was available.
- The exposed information belonged to over 51,000 Japanese users and nearly 82,000 Taiwanese and Thai users.
The LINE Pay mobile payment provider announced on Monday that it exposed the payment details of around 133,000 users after the data was mistakenly posted on GitHub from September to November 2021 by a research group employee. The data breach affected customers that participated in a LINE Pay promotional program that took place between late December 2020 and April 2021.
The files exposed on GitHub contained information about the promotion participants, such as user identification numbers, store management codes, and names of promotional activities, such as campaign name, payment amount, and payment date and time. However, LINE Pay explained that the leaked information did not include users' names, addresses, phone numbers, credit card numbers, or bank details.
This data dump affecting over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users was accessible from September 12, 2021, to November 24, 2021, and LINE Pay stated that leaked information had been deleted and affected users notified on December 6, 2021. The company said the exposed data was accessed by unauthorized persons 11 times.
LINE Pay apologized for the incident and advises users to show precaution regarding the potentially malicious incoming messages that may be disguised as coming from the company. They also said it would provide more comprehensive training for its employees in the future to deal with customer data and promised not to repeat this mistake.
In July 2021, a cyberattack turned off encryption functions in the company's messaging app and exfiltrated conversations of over 100 local politicians and dignitaries. In March, Japanese government officials stopped using the app after revealing that it sent some data to China. Japan was previously reliant on this app to communicate with its regional governments.