Cybersecurity News that Matters

Cybersecurity News that Matters

Japan directs Line Yahoo to separate from South Korean Naver Cloud

Cover Image of Post: Japan directs Line Yahoo to separate from South Korean Naver Cloud
Cover Image of Post: Japan directs Line Yahoo to separate from South Korean Naver Cloud

by Minkyung Shin

Mar. 08, 2024
10:33 PM GMT+9

Updated Mar. 11, 2024 9:03PM GMT+9

On March 5, the Japanese government directed LY Corporation (Line Yahoo) to sever ties with South Korea’s Naver Cloud Corporation. This decision comes in the wake of a data breach incident. The Ministry of Internal Affairs and Communications (MIC) pointed to LY’s excessive reliance on Naver Cloud as the primary cause of the security lapse.

LY Corporation disclosed on its official website on November 27, 2023, that a data breach involving unauthorized access had occurred within LINE Corporation. LINE, a widely used Japanese messaging application, boasts a monthly user base of over 95 million, representing more than 70% of Japan’s population. The breach was traced back to a subcontractor’s personal computer, infected with malware, under the employ of Naver Cloud. Naver Cloud and LY Corporation utilize a shared internal system, protected by a unified authentication mechanism. It was discovered on October 9, 2023, that an external party had gained unauthorized access to the LINE system via Naver Cloud, a breach which led to the compromise of the personal data of over 510,000 users.

To prevent future incidents, the MIC issued a directive to LY Corporation, focusing on their need to enact enhanced security measures. On March 5, MIC officials met with LY’s CEO, Takeshi Idezawa, and personally delivered a document outlining key guidelines. The document emphasized that the root cause of the security breach was LY’s overreliance on Naver Cloud for managing crucial aspects of the LINE network and employee accounts. Additionally, LY’s technical infrastructure was significantly supported by Naver Cloud, cementing a dependency that was deemed, at the time, necessary and unavoidable. The Japanese authorities have identified this dependency as a key factor in LY’s challenges with demanding and enforcing stringent safety protocols from Naver Cloud.

The document from the MIC also detailed specific directives aimed at preventing similar incidents in the future. These directives underscored the necessity for LY Corporation to establish an independent Security Operations Center (SOC) within Japan. Additionally, the MIC pointed out that LY’s organizational and financial ties to Naver Cloud, wherein Naver Cloud owns a 50% stake in LY, classify their relationship as one of “Corporate Governance.” The MIC stressed the importance of governance to LY Corporation, highlighting the organizational structure where SoftBank holds the remaining 50% stake. This arrangement positions Naver Cloud in a role similar to that of a parent company for LY in this specific context.

The Readable reached out to Naver Cloud for comments on the data breach incident. The company responded, “As there have been no breaches affecting Korean users, we find it difficult to comment on the issue.” Regarding future actions LY will take in response to the directive from the MIC, Naver Cloud mentioned that it plans to discuss the matter further with LY.

This article has been updated to include Naver Cloud’s comments given to The Readable.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Minkyung Shin

    Minkyung Shin serves as a reporting intern for The Readable, where she has channeled her passion for cybersecurity news. Her journey began at Dankook University in Korea, where she pursued studies in...

    View all posts
Editor:
Designer:
Stay Ahead with The Readable's Cybersecurity Insights