Notice regarding unauthorized access to certain LINE accounts
2021.02.25
(The Chinese version of this notice follows the English text)
All times are in JST unless noted otherwise
1. Overview
We have detected unauthorized login attempts against the LINE contact form (https://contact-cc.line.me). Valid ID/password combinations for approximately 3,035 LINE accounts were used, and the phone number, user identifier and email address of those accounts (information displayed upon login) may have been obtained. We are taking proactive measures to prevent this issue from spreading. The details of our investigation and response, and the points users should be alert to, are summarized below.
2. Incident assessment
The LINE contact form is a generic HTML form into which the information needed to identify the source of the enquiry (phone number, user identifier, and the email address used as login ID) is pre-filled so that LINE can respond smoothly. Hence, anyone who logged in with a valid ID/password combination could read that account's phone number, email address (information displayed upon login) and user identifier from the form. While we have already reset the passwords on the compromised user accounts, because this incident involves personal information, we are issuing this notification and alerting our users.
If you are affected by this incident, please contact us using the form at the bottom of this notice. We will work diligently to investigate and resolve the situation.
◼Breakdown of the affected users by country/region as of February 8, 2021
Japan: 2,888
Taiwan: 21
Thailand: 3
Others: 123
Total: 3,035
3. Current status
Applying Two-Step Authentication
LINE is reviewing the services that can be logged into with a LINE account but do not yet have two-step authentication, and will apply the feature to them.
Two-step authentication is a method where a verification code is displayed upon login, which must then be entered in the linked LINE account on the smartphone to confirm the user's identity.
Together with your existing password, this system helps prevent unauthorized logins by verifying your identity against your linked LINE account. This means attackers won't be able to access your account using your password alone.
Reference image: Two-Step Authentication for LINE Login
Initialization of password reset for certain users
We have reset the passwords of affected user accounts whose owners we were unable to confirm had updated their passwords between October 3, 2020 and January 23, 2021. Starting at 18:40 JST on January 21, 2021, we sent those users a message through the LINE Official Account (OA) requesting that they reset their passwords.
We apologize for the sudden notice. The OA message was distributed in the below order:
- The following message was sent through the LINE OA: “Password has been changed”
- This was followed by a second message: “An unauthorized login attempt was detected to your LINE account. There is a risk that your password may have been compromised, and as a precautionary measure your password has been automatically reset on January 21 at 18:40 and on January 23 at 10:00 (UTC +7).”
Reference image: Notification to affected users
If you used the same affected LINE password for other services, we recommend you change your password for those services.
LINE will contact you through the LINE OA when you log into your account.
Reference image: Login notification
When you log into a LINE service or desktop app, you will receive a login notification from the LINE OA that contains a verified account badge.
Please check the message, and if you did not log in yourself, immediately change your password.
※Instructions to change your password: https://help.line.me/line/?contentId=20000062
4. Correspondence in chronological order (all times are JST)
January 19, 2021: Internal fraud monitoring system detected login attempts for specific LINE services
January 21, 2021: After an internal investigation, we notified affected users regarding the password reset (1st round)
January 22, 2021: Blocked access from the IP address believed to be the source of the attack
January 23, 2021: Removed the phone number and email address embedded in the contact form at approximately 8:30am
January 23, 2021: After an internal investigation, we notified affected users regarding the password reset (2nd round)
February 8, 2021: Two-step authentication applied at approximately 11:00am
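As an added example (not LINE's code or its fraud monitoring system), the following Python checks constructed login log lines for the pattern this notice describes: one source address logging in to many different accounts with already-valid credentials, which is what made the IP block a sensible first response. The log format, the addresses and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real LINE logs): timestamp, source IP, login ID, result.
SAMPLE_LOG = """\
2021-01-19T02:11:05+09:00 203.0.113.7 login id=user1001@example.com result=success
2021-01-19T02:11:06+09:00 203.0.113.7 login id=user1002@example.com result=success
2021-01-19T02:11:06+09:00 203.0.113.7 login id=user1003@example.com result=failure
2021-01-19T02:11:07+09:00 203.0.113.7 login id=user1004@example.com result=success
2021-01-19T02:11:08+09:00 203.0.113.7 login id=user1005@example.com result=success
2021-01-19T02:11:09+09:00 203.0.113.7 login id=user1006@example.com result=success
2021-01-19T02:15:40+09:00 198.51.100.20 login id=alice@example.com result=failure
2021-01-19T02:15:52+09:00 198.51.100.20 login id=alice@example.com result=success
2021-01-19T02:16:10+09:00 198.51.100.21 login id=bob@example.com result=success
"""

LINE_RE = re.compile(r"^(\S+) (\S+) login id=(\S+) result=(success|failure)$")


def parse_lines(text):
    """Yield (timestamp, ip, login_id, success) tuples; malformed lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts, ip, login_id, result = m.groups()
            yield ts, ip, login_id, result == "success"


def suspicious_sources(text, min_distinct_ids=5, min_success_ratio=0.5):
    """Return {ip: stats} for source IPs that reach many distinct accounts with a
    high success rate. Guessing attacks mostly fail; replaying leaked, valid
    ID/password pairs mostly succeeds. Thresholds are assumed, not LINE's."""
    stats = defaultdict(lambda: {"ids": set(), "attempts": 0, "successes": 0})
    for _ts, ip, login_id, ok in parse_lines(text):
        s = stats[ip]
        s["ids"].add(login_id)
        s["attempts"] += 1
        s["successes"] += int(ok)
    flagged = {}
    for ip, s in stats.items():
        ratio = s["successes"] / s["attempts"]
        if len(s["ids"]) >= min_distinct_ids and ratio >= min_success_ratio:
            flagged[ip] = {"distinct_ids": len(s["ids"]), "attempts": s["attempts"],
                           "success_ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    for ip, info in suspicious_sources(SAMPLE_LOG).items():
        print(f"block candidate {ip}: {info}")
```

A shared NAT or proxy address can also reach many accounts legitimately, so treat a hit as a trigger for review and password resets of the affected accounts rather than an automatic block on its own.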
5. Update history
February 25, 2021: Notification posted
6. Inquiries regarding this matter
For inquiries regarding unauthorized access to individual LINE accounts, please contact us using the following form by selecting “Other” for Question #2:
https://contact-cc.line.me/detailId/10092
Notice regarding attempts by unauthorized third parties to log in to LINE accounts
1. Overview
Recently, on the login page of LINE's online contact form (https://contact-cc.line.me), unauthorized third parties attempted to log in to approximately 3,035 LINE accounts using valid passwords, and the abusers improperly obtained users' phone numbers, user identifiers and email addresses (existing information shown at login).
We have taken the necessary countermeasures to prevent the damage from spreading.
This notice explains our investigation of and response to this incident, and asks users to remain vigilant.
2. Current status of this incident
So that it can respond smoothly to user enquiries, LINE's online contact form uses a format in which information about the source of the enquiry is automatically filled into a generic HTML form; this information includes the phone number, user identifier and email account (the login ID).
Because of this format, the above personal information of users appeared on the page and was obtained by the abusers.
Although we have already reset the passwords of the LINE accounts that were logged into by unauthorized third parties, given that these users' personal information may have been improperly obtained, we have decided to proactively notify users and publish this notice to alert them.
In addition, an enquiry form is attached at the end of this notice. If you experience anything that appears related to this incident, please contact us; we will fully investigate and take the appropriate measures to help resolve the problem.
As of February 8, 2021
[Number of affected users by country/region]
Japan: 2,888
Taiwan: 21
Thailand: 3
Other countries/regions: 123
Total: 3,035
3. Current status of countermeasures
Introduction of two-step authentication
We are reviewing, one by one, all services that can be logged into with a LINE account but have not yet adopted two-step authentication, and will introduce it to them progressively.
Two-step authentication is an identity verification method that displays a verification code when the user logs in to a service and confirms the user's identity by having that code entered through the LINE account the user registered.
In addition to verification by means such as the password the user remembers, two-step authentication serves as a second layer of protection against unauthorized logins: even if the authentication credentials are known to a third party, the login must also be verified through the LINE account that the user possesses.
Reference image: Two-step authentication for LINE Login
Password reset for affected users
For users whose accounts were the target of unauthorized third-party login attempts between October 3, 2020 and January 23, 2021 and for whom we could not confirm a password change, we notified them through the LINE system account, starting at 18:40 Taiwan time on January 21, 2021, that we had reset their password, and asked them to change it again by following the steps in the notification.
The LINE system account sent the notifications in the stages below. We apologize to the affected users for the sudden notice.
1. The system detected an attempt by an unauthorized third party to log in to your LINE account, so we are contacting you with this message. As a precaution, please change your password immediately by following the steps below to keep your account safe.
2. [Important] The system detected an attempt by an unauthorized third party to log in to your LINE account. Continuing to use your current password carries a risk, so to protect you we have taken the necessary emergency measure of resetting your password. Please reset your password immediately by following the steps below so that you can continue to log in to your account.
Reference image: Notification to affected users
If you use the same password on other online services, please consider changing it there as well.
Whenever anyone attempts to log in to your LINE account, we will notify you at the same time through the LINE system account.
Reference image: Login notification
When you log in to a LINE-related service or LINE for PC, you will receive a login notification from the LINE system account; please check carefully that it comes from the LINE official account bearing the green shield verification badge.
Please check the content of the message sent to you by the system account. If it was not you who logged in, change your password immediately.
*How to change your password: https://help.line.me/line/?contentId=20000062
4. Timeline of this incident (Taiwan time)
2021-1-19 The system detected unauthorized third-party login attempts on user accounts
2021-1-21 After an internal investigation, we contacted affected users through the LINE system account and urged them to change their passwords immediately. One hour later we reset the passwords of users who had still not changed them, and provided them, through the LINE system account, with the steps to change the password themselves (1st batch)
2021-1-22 21:34 Blocked the IP identified as the source of the attack
2021-1-23 Around 19:30, removed the phone number and email account (login ID) that the service page automatically filled in to confirm the user's identity
2021-1-23 After an internal investigation, notified affected users of the forced password reset and how to set a new password (2nd time)
2021-2-8 Around 10:00, completed the introduction of two-step authentication
2021-2-25 Published
6. If you still have concerns about this incident, please contact customer support
If you still have concerns about this incident, you are welcome to contact our customer support team. Please use your personal LINE account to access: https://contact-cc.line.me/detailId/11820.