Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
LY Corporation

LY Corporation Vendor Cyber Rating & Cyber Score

lycorp.co.jp

LY Corporation is one of Japan's largest tech companies formed in October 2023 through the reorganization of Group companies including LINE Corporation and Yahoo Japan Corporation. LY Corporation spans diverse businesses, including search, portal website, e-commerce, communications, and advertising under its mission, "Create an amazing life platform that brings WOW! to our users." With a workforce comprising over 10,000 individuals from approximately 40 countries and regions, LY Corporation is dedicated to continually delivering inspiring services to its users and contributing to the realization of a more enriching and convenient lifestyle through the power of the Internet.  


LY Corporation A.I CyberSecurity Scoring

LY Corporation
Company Information
Website:https://www.lycorp.co.jp/ja/
Employees number:2,435
Number of followers:20,218
NAICS:5112
Industry Type:Software Development
Homepage:lycorp.co.jp
LY Corporation Risk Score (AI oriented)
Between 700 and 749
logo
LY CorporationSoftware Development
Updated:
14/07/2026
723/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
LY Corporation Global Score (TPRM)
xxxx
logo
LY CorporationSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

LY Corporation
LY CorporationModerate
Current Score
723Ba (MODERATE)
01000
1 incidents
-70 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
793Before Incident
Breach
13 Jul 2026LY Corporation
LY Corporation and NAVER Cloud: LY Corp Discloses LINE GAME Identifier Leak Affecting 6.1 Million Over Four Years

LY Corporation Discloses 4-Year Data Exposure Affecting 6.1 Million LINE GAME Users

723After Incident
CRITICAL-70
LYCNAV1784047058
LY Corporation Discloses 4-Year Data Exposure Affecting 6.1 Million LINE GAME Users LY Corporation, operator of Japan’s dominant messaging platform LINE, revealed on July 13, 2026, that a misconfigured advertising analytics tool had silently transmitted internal user identifiers from three LINE GAME titles to a third-party partner for nearly four years. The exposure, discovered internally on April 1, 2026, affected approximately 6.1 million unique users across LINE PokoPoko, LINE Pokopang Town, and LINE Pokopang the latter of which ceased operations in June 2025, over a year before the public disclosure. The incident stemmed from a May 25, 2022, configuration change by the partner company, which inadvertently enabled the tool to receive an internal user identifier a random character string used to distinguish accounts alongside ad performance data. Neither LY Corp nor the partner audited the tool’s settings before or after the change, allowing the identifier to transmit with every user session for 1,409 days. In total, 7.1 million records were sent: 5.47 million from LINE PokoPoko, 790,000 from LINE Pokopang Town, and 840,000 from LINE Pokopang. Of these, 930,000 records belonged to guest users, whose identifiers could not be linked to individual accounts. LY Corp emphasized that the exposed identifiers were not "personal data" under Japan’s Act on the Protection of Personal Information (APPI), as they lacked direct identifiers like names or contact details. However, the company did not address whether the partner’s analytics tool retained behavioral data (e.g., session times, ad interactions) alongside the identifiers a combination that could enable audience segmentation or re-identification at scale. The partner confirmed deletion of the transmitted identifiers, but LY Corp’s disclosure did not clarify whether associated behavioral data was also purged. The incident highlights a recurring vulnerability in mobile gaming: misconfigured third-party SDKs. Research cited by the International Association of Privacy Professionals notes that gaming apps embed an average of 17.5 SDKs, with analytics and advertising tools being the most prevalent. LY Corp’s own "User Privacy First" governance framework was intended to include audits of outgoing data flows, but the 2022 configuration change evaded detection until April 2026. The 103-day delay between discovery and public disclosure raises questions about compliance with Japan’s amended APPI, which mandates preliminary breach reports to the Personal Information Protection Commission (PPC) within three to five days for incidents affecting over 1,000 individuals. LY Corp has not confirmed whether it filed such a report, citing the identifiers’ non-personal nature as a potential exemption. Notably, the company remains under active PPC monitoring following a 2023 breach involving malware at a NAVER Cloud subcontractor, which exposed data of 440,000 individuals and prompted regulatory corrective actions. The LINE GAME misconfiguration originated in May 2022 before the 2023 breach and persisted throughout LY Corp’s ongoing remediation efforts, which are projected to continue through December 2026. LY Corp stated that no unauthorized use of the identifiers has been detected and that affected users are being notified individually. While the immediate risk is deemed low, the incident underscores the privacy risks of persistent identifiers in ad analytics tools, even when stripped of traditional personal data.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: Internal user identifiers (7.1 million records)Systems Affected: LINE GAME titles (*LINE PokoPoko*, *LINE Pokopang Town*, *LINE Pokopang*)Operational Impact: Delayed detection and disclosure, regulatory scrutinyBrand Reputation Impact: Potential erosion of trust due to recurring incidentsLegal Liabilities: Potential non-compliance with Japan’s APPIIdentity Theft Risk: Low (identifiers alone not directly linkable to personal data)
DATA BREACH
Type Of Data Compromised: Internal user identifiers (random character strings)Number Of Records Exposed: 7.1 millionSensitivity Of Data: Low (not classified as personal data under APPI, but could enable audience segmentation)Personally Identifiable Information: No (identifiers lacked direct personal data like names or contact details)
JUNE 2026
793Before Incident
MAY 2026
793Before Incident
APRIL 2026
793Before Incident
MARCH 2026
791Before Incident
FEBRUARY 2026
791Before Incident
JANUARY 2026
791Before Incident
DECEMBER 2025
791Before Incident
NOVEMBER 2025
791Before Incident
OCTOBER 2025
791Before Incident
SEPTEMBER 2025
791Before Incident
AUGUST 2025
791Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for LY Corporation ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in June 2026 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in May 2026 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in April 2026 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in March 2026 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in February 2026 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in January 2026 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in December 2025 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in November 2025 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in October 2025 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in September 2025 ?
?
What was LY Corporation's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on LY Corporation's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with LY Corporation ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view LY Corporation's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
LY Corporation Cyber Scoring History | Rankiteo