Some time yesterday, Singapore-based Zane Chua’s Line account was compromised. Instead of simply messing around or taking data, the hacker decided to approach several of his contacts in the account to ask for a small favour – some iTunes cards. One of Zane’s contacts, Jonathan Wong, felt confused by the unusually bad command of English and strange request, that he figured something was up. The conversation he had with him afterwards was nothing short of hilarious. Also Read: AirAsia Singapore Explores LINE Official Account As New Outreach Channel! Despite the incident, Jonathan remains a loyal user to LINE, saying that he’s a fan of its clean and modern user interface and its array of stickers. He finds the desktop app, which was also mentioned in the chat, convenient as well. Zane, on the other hand, is thinking of discontinuing the use of the app, as his only active contact on LINE (his aunt) is starting to use its Korean competitor – KakaoTalk. However, the LINE hacking incident brings about a pandora’s box of security issues. Is LINE Singapore really that safe? After all, it isn’t the first time that the LINE app has been compromised. According to a report by Channel NewsAsia, a total of 15 reports were made to the police of the same scam in July this year, and in the worst case, a victim was cheated of about $3,000. (Editor’s Note: LINE has clarified that this is an issue of compromised accounts, and that LINE’s backend has not been compromised) “I think quite a substantial number of my friends were affected (by my account being hacked),” said Zane Chua, the most recent victim of hacking. “Some of my friends didn’t even know it wasn’t me and was almost going to go through with it. Thankfully they contacted me through WhatsApp to confirm.”
However, we were able to get hold of LINE for an official statement. This was what they said:
LINE prioritizes user privacy protection and stable service support as our top priority, as we continue to offer the most dynamic services that can be trusted anywhere around the world.
Some cases have shown that personal information retrieved from other weakly-protected sources may be misused on LINE for unauthorized access, if the user keeps the same log-in ID and password for multiple services.
As LINE becomes more popular around the world, LINE would like to remind users to protect their personal information by using individualized password for LINE and changing it on a regular basis. It is also important for users to not disclose their IDs publicly.
In addition, users can choose the setting ‘Reject Message’ to stop receiving messages from unknown contacts and block or report contacts that send spam messages or links with malware. Users should also take extra caution with the content or links received from unknown contacts.
[4.5.0 version update & Migration PIN Code]
With the release of LINE 4.5.0 version, LINE has taken an extra measure to further enhance user security.
Users who only sign-in via Facebook account will be requested to register with their phone number or e-mail address. If they register with the e-mail address only, an additional set up of Migration Pin Code will be required. The Migration PIN Code function allows users to set up four-digit security code for mobile devices. In order to prevent unauthorized use of personal account information, LINE users can use the same PIN code to log-in and access their account information, even after changing their mobile devices.
[How to prevent scam cases]
The recent reporting of scam cases are, in fact, the issue of compromised accounts, which personal information retrieved from other weakly-protected sources are misused for unauthorized access to users’ LINE account. In order to prevent such cases, LINE would like to remind users to take caution when using the service in order to prevent any loss through scams or frauds.
1) Be careful with the content/links you send and receive.
2) Do not disclose your ID in public.
3) Change your passwords on a regular basis.
4) Choose the setting ‘Reject Message’ to stop receiving message from unknown contacts.
5) Block or report the contact(s) that send you spam messages or links with virus/malware.”
To add on to the Official Statement above, LINE would like to point out that the gift card scam incident is, in fact, the issue of compromised accounts. LINE requires login information such as email address or other SNS accounts. If the user uses the same personal information for other weakly-protected sources, it can easily be retrieved and can be misused for unauthorized access to users’ LINE account. For better clarification, LINE has provided the definition of both terms below:
Hacking is generally defined as an attempt to gain access to systems the person isn’t authorized for, involving the altering of hardware and/or software. This is typically extremely difficult to do on major systems and only a very small and selected group of people have the skills and resources.
Compromising is entirely different, it is often referred to as phishing. It involves the aggressor bringing into light, or exposing, information about the victim. This can be accomplished in many different ways, either by unknowingly telling someone or by not using proper security. Things like weak passwords and easy to guess “Secret Questions”.
When asked what he would say to the hacker if he got a chance to chat with him again, Jonathan kindly said, “I wish you had more time to chat longer, because I was really enjoying our conversation!” Zane, on the other hand, was not as kind in his reply: