LY Corporation A.I CyberSecurity Scoring
LY Corporation
Company Information
Website:https://www.lycorp.co.jp/ja/
Employees number:2,435
Number of followers:20,218
NAICS:5112
Industry Type:Software Development
Homepage:lycorp.co.jp
LY Corporation Risk Score (AI oriented)
Between 700 and 749
LY CorporationSoftware Development
Updated:
14/07/2026
14/07/2026
723/1000
Moderate
Ba
LY Corporation Global Score (TPRM)
xxxx
LY CorporationSoftware Development
Score locked

LY CorporationModerate
Current Score
723Ba (MODERATE)
01000
1 incidents
-70 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
793
Breach
13 Jul 2026 • LY Corporation
LY Corporation and NAVER Cloud: LY Corp Discloses LINE GAME Identifier Leak Affecting 6.1 Million Over Four Years
LY Corporation Discloses 4-Year Data Exposure Affecting 6.1 Million LINE GAME Users
723
CRITICAL-70
LYCNAV1784047058
LY Corporation Discloses 4-Year Data Exposure Affecting 6.1 Million LINE GAME Users
LY Corporation, operator of Japan’s dominant messaging platform LINE, revealed on July 13, 2026, that a misconfigured advertising analytics tool had silently transmitted internal user identifiers from three LINE GAME titles to a third-party partner for nearly four years. The exposure, discovered internally on April 1, 2026, affected approximately 6.1 million unique users across LINE PokoPoko, LINE Pokopang Town, and LINE Pokopang the latter of which ceased operations in June 2025, over a year before the public disclosure.
The incident stemmed from a May 25, 2022, configuration change by the partner company, which inadvertently enabled the tool to receive an internal user identifier a random character string used to distinguish accounts alongside ad performance data. Neither LY Corp nor the partner audited the tool’s settings before or after the change, allowing the identifier to transmit with every user session for 1,409 days. In total, 7.1 million records were sent: 5.47 million from LINE PokoPoko, 790,000 from LINE Pokopang Town, and 840,000 from LINE Pokopang. Of these, 930,000 records belonged to guest users, whose identifiers could not be linked to individual accounts.
LY Corp emphasized that the exposed identifiers were not "personal data" under Japan’s Act on the Protection of Personal Information (APPI), as they lacked direct identifiers like names or contact details. However, the company did not address whether the partner’s analytics tool retained behavioral data (e.g., session times, ad interactions) alongside the identifiers a combination that could enable audience segmentation or re-identification at scale. The partner confirmed deletion of the transmitted identifiers, but LY Corp’s disclosure did not clarify whether associated behavioral data was also purged.
The incident highlights a recurring vulnerability in mobile gaming: misconfigured third-party SDKs. Research cited by the International Association of Privacy Professionals notes that gaming apps embed an average of 17.5 SDKs, with analytics and advertising tools being the most prevalent. LY Corp’s own "User Privacy First" governance framework was intended to include audits of outgoing data flows, but the 2022 configuration change evaded detection until April 2026.
The 103-day delay between discovery and public disclosure raises questions about compliance with Japan’s amended APPI, which mandates preliminary breach reports to the Personal Information Protection Commission (PPC) within three to five days for incidents affecting over 1,000 individuals. LY Corp has not confirmed whether it filed such a report, citing the identifiers’ non-personal nature as a potential exemption. Notably, the company remains under active PPC monitoring following a 2023 breach involving malware at a NAVER Cloud subcontractor, which exposed data of 440,000 individuals and prompted regulatory corrective actions. The LINE GAME misconfiguration originated in May 2022 before the 2023 breach and persisted throughout LY Corp’s ongoing remediation efforts, which are projected to continue through December 2026.
LY Corp stated that no unauthorized use of the identifiers has been detected and that affected users are being notified individually. While the immediate risk is deemed low, the incident underscores the privacy risks of persistent identifiers in ad analytics tools, even when stripped of traditional personal data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
793
MAY 2026
793
APRIL 2026
793
MARCH 2026
791
FEBRUARY 2026
791
JANUARY 2026
791
DECEMBER 2025
791
NOVEMBER 2025
791
OCTOBER 2025
791
SEPTEMBER 2025
791
AUGUST 2025
791
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for LY Corporation ??
What was LY Corporation's A.I Rankiteo Cyber Score in June 2026 ??
What was LY Corporation's A.I Rankiteo Cyber Score in May 2026 ??
What was LY Corporation's A.I Rankiteo Cyber Score in April 2026 ??
What was LY Corporation's A.I Rankiteo Cyber Score in March 2026 ??
What was LY Corporation's A.I Rankiteo Cyber Score in February 2026 ??
What was LY Corporation's A.I Rankiteo Cyber Score in January 2026 ??
What was LY Corporation's A.I Rankiteo Cyber Score in December 2025 ??
What was LY Corporation's A.I Rankiteo Cyber Score in November 2025 ??
What was LY Corporation's A.I Rankiteo Cyber Score in October 2025 ??
What was LY Corporation's A.I Rankiteo Cyber Score in September 2025 ??
What was LY Corporation's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on LY Corporation's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with LY Corporation ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view LY Corporation's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?