LINE Pay, a smartphone payment provider, announced yesterday that between September and November of this year, approximately 133,000 users’ payment details were inadvertently published on GitHub.
A research group employee accidentally uploaded files detailing participants in a LINE Pay promotional programme staged between late December 2020 and April 2021 to the collaborative coding crèche.
The date, time, and amount of transactions, as well as user and franchise store identification numbers, were among the leaked details. Although names, addresses, telephone numbers, credit card and bank account numbers were not disclosed, the names of the users and other information could be traced with some effort.
During the ten weeks it was available online, the information was accessed 11 times by over 51,000 Japanese users and nearly 82,000 Taiwanese and Thai users.
The information has since been removed, and users have been notified, according to LINE. The communication app company’s fintech division apologised and promised to improve employee training. This isn’t LINE’s first security blunder.
When a cyberattack managed to disable encryption functions, over 100 local political figures and dignitaries who used the company’s messaging app had their communications extracted in July 2021.
Just a few months prior, in March, information security concerns prompted Japanese government officials to discontinue use of the app after it was revealed that some data had made its way to China. Previously, Japan had relied on the communication app for many regional government communications. As a result, LINE’s promise to improve may need to be taken with a grain of salt.