Updated Mar. 11, 2024 9:03PM GMT+9
On March 5, the Japanese government directed LY Corporation (Line Yahoo) to sever ties with South Korea’s Naver Cloud Corporation. This decision comes in the wake of a data breach incident. The Ministry of Internal Affairs and Communications (MIC) pointed to LY’s excessive reliance on Naver Cloud as the primary cause of the security lapse.
LY Corporation disclosed on its official website on November 27, 2023, that a data breach involving unauthorized access had occurred within LINE Corporation. LINE, a widely used Japanese messaging application, boasts a monthly user base of over 95 million, representing more than 70% of Japan’s population. The breach was traced back to a malware-infected personal computer belonging to a subcontractor employed by Naver Cloud. Naver Cloud and LY Corporation utilize a shared internal system, protected by a unified authentication mechanism. It was discovered on October 9, 2023, that an external party had gained unauthorized access to the LINE system via Naver Cloud, a breach which led to the compromise of the personal data of over 510,000 users.
To prevent future incidents, the MIC issued a directive to LY Corporation, focusing on their need to enact enhanced security measures. On March 5, MIC officials met with LY’s CEO, Takeshi Idezawa, and personally delivered a document outlining key guidelines. The document emphasized that the root cause of the security breach was LY’s overreliance on Naver Cloud for managing crucial aspects of the LINE network and employee accounts. Additionally, LY’s technical infrastructure was significantly supported by Naver Cloud, cementing a dependency that was deemed, at the time, necessary and unavoidable. The Japanese authorities have identified this dependency as a key factor in LY’s challenges with demanding and enforcing stringent safety protocols from Naver Cloud.
The document from the MIC also detailed specific directives aimed at preventing similar incidents in the future. These directives underscored the necessity for LY Corporation to establish an independent Security Operations Center (SOC) within Japan. Additionally, the MIC pointed out that LY’s organizational and financial ties to Naver Cloud, wherein Naver Cloud owns a 50% stake in LY, classify their relationship as one of “Corporate Governance.” The MIC stressed the importance of governance to LY Corporation, highlighting the organizational structure where SoftBank holds the remaining 50% stake. This arrangement positions Naver Cloud in a role similar to that of a parent company for LY in this specific context.
The Readable reached out to Naver Cloud for comments on the data breach incident. The company responded, “As there have been no breaches affecting Korean users, we find it difficult to comment on the issue.” Regarding future actions LY will take in response to the directive from the MIC, Naver Cloud mentioned that it plans to discuss the matter further with LY.
This article has been updated to include Naver Cloud’s comments given to The Readable.