LINE Pay Leaks Around 133,000 Users' Data To GitHub

Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year. The Register reports: Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding creche by a research group employee. Among the leaked details were the date, time, and amount of transactions, plus user and franchise store identification numbers. Although names, addresses, telephone, credit card and bank account numbers were not shared, the names of the users and other details could be traced with a little effort.

The information -- which covered of over 51,000 Japanese users and almost 82,000 Taiwanese and Thai users -- was accessed 11 times during the ten weeks it was available online. The information has since been removed, and LINE said users have been notified. The fintech division of the communication app company issued an apology and promised to train staff better.

Everything's online

[CaptQuark]

People should just resign themselves that at some point, almost all data online will be accessible. It's unfortunate but nearly inevitable. Companies get too much revenue from sharing data between "partners" for them to control.

Re:Everything's online

[Rosco P. Coltrane]

People should just resign themselves that at some point

Not sure how old you are, but personally I've given up literally decades ago. The only thing you can do is damage control: feed as little information as possible to outside actors (only what's strictly needed and nothing else), poison the well whenever you know "required" data is only required by the sumbitches to marketing your ass, use burner emails whenever possible, don't reuse credentials and rotate them... that sort of things.

Unintentional data leaks will happen, intentional data leaks for money will happen far often, and the best you can do is limit who can exploit what and how easily.

Re:

[houstonbofh]

feed as little information as possible to outside actors (only what's strictly needed and nothing else), poison the well whenever you know "required" data is only required by the sumbitches to marketing your ass, use burner emails whenever possible, don't reuse credentials and rotate them... that sort of things.

This. And stop mandating "security" when it is not needed. Hell no I am not giving my cell phone number for 2fa for the throw away email I use to log on to porn sites! :) Too much "security" is as bad as not enough. It results in lazy workarounds.

Re:Everything's on[LINE]

[shanen]

Trying to fix that vacuous Subject for you, but I have quite a bit to say on the topic of Japanese companies with international pretensions...

I've been using LINE for several years, but I never used the LINE Pay part of it. Mostly because of their lack of communicative competence, but also because that communicative incompetence is symptomatic of other problems. Social engineering is always the biggest weakness in any chain of security, but even if they can't explain their security to potential customers li

Re:

[AmiMoJo]

Instead of just resigning yourself to getting data-raped, why not make data-rape illegal?

Re:

[drinkypoo]

Yeah, just look at how making things illegal prevents them from happening!

If you want a legal remedy then it has to be protection from harm from identity theft. Governments are going to have to raise the standards for proof of debt for example.

Re:

[AmiMoJo]

Well it worked in Europe with GDPR. It's not perfect but we don't get data raped nearly as badly as you guys do, and when it happens we have some form of redress.

Re:

[DeanonymizedCoward]

Instead of just resigning yourself to getting data-raped, why not make data-rape illegal?

Eeeek! Business-Killing Regulations!