Messaging App Line Exposed Users’ Data to China-Based Company

Messaging App Line Exposed Users’ Data to China-Based Company
The logo of Japanese messaging app operator Line Corp. in Tokyo, Japan, on June 10, 2016. (Kazuhiro Nogi/AFP via Getty Images)
3/18/2021
Updated:
3/18/2021

Japan’s popular messaging app Line recently conceded that its users’ personal data stored on its server in Japan could be accessed by engineers at a China-based affiliate company.

In an official response, Line said that user data had been accessed more than 32 times and that it’s now setting up a committee to rectify the situation.

According to a report by Japan’s public broadcaster NHK, Line had outsourced its system maintenance since 2018 to a company in Shanghai, which allowed four China-based engineers access to Japanese users’ personal data and information stored on servers in Japan, including users’ names, phone numbers, emails, and even the contents of users’ communications.

The foreign access to the personal data of Japanese nationals may have been in violation of Japan’s Personal Information Protection Act, which requires that if a user’s personal information is transferred to a foreign third party, user consent is required.

Line’s parent company, Z Holdings, stated that four Chinese engineers were involved in the data breach, but it’s still investigating whether any data was abused. Z Holdings has also said it will set up a committee within the company to investigate and rectify the situation, according to Japan’s TV Asahi.

“We can’t say yet if Line breached regulations or not, and we are conducting an investigation to find out,” a government official responsible for overseeing privacy regulations told Reuters.

The popular Japanese app currently has more than 194 million users across 230 countries, including 86 million users in Japan and 21 million users in Taiwan.

The company said it changed its data authorizations in late February, which makes it impossible for Chinese engineers to view user information. Line also stated that it will explain how it manages user personal data in a simpler way going forward.

Line Taiwan expressed on March 17 that Line won’t cooperate with any government to give them free access to user information, nor will it cooperate with monitoring or censorship.

Regarding privacy, such as user data and message content, Line Taiwan said that it has never provided any personal information of Taiwan users or users in other countries to the Chinese government. The global user data, including Taiwan users, is stored in servers in Japan and South Korea but not in China. Judging from the current login records, the personal data of Taiwanese users has not been exposed to any unauthorized access, the company said.

Line Taiwan has apologized publicly for the unease and security concerns among its users.