[BreachExchange] LINE Pay leaks around 133, 000 users' data to GitHub, of all places

[Terrell Byrd]

https://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/

Smartphone payment provider LINE Pay announced yesterday that around
133,000 users' payment details were mistakenly published on GitHub between
September and November of this year.

Files detailing participants in a LINE Pay promotional program staged
between late December 2020 and April 2021 were accidentally uploaded to the
collaborative coding crèche by a research group employee.

Among the leaked details were the date, time, and amount of transactions,
plus user and franchise store identification numbers. Although names,
addresses, telephone, credit card and bank account numbers were not shared,
the names of the users and other details could be traced with a little
effort.

The information – which covered of over 51,000 Japanese users and almost
82,000 Taiwanese and Thai users – was accessed 11 times during the ten
weeks it was available online.

The information has since been removed, and LINE said users have been
notified. The fintech division of the communication app company issued an
apology and promised to train staff better.

This is not LINE's first security snafu.

Over 100 local political figures and dignitaries who used the company's
messaging app had their communications extracted on July 2021 when a
cyberattack managed to turn off encryption functions.

Just a few months earlier, in March, infosec concerns led Japanese
government officials to stop using the app when it was revealed that some
data had made its way to China. Japan had previously relied on the
communication app for many regional government communications.

LINE's promise that it will improve may therefore need to be taken with a
pinch of salt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211207/492bb98a/attachment.html>