Notice and apology regarding an error with LINE VOOM (browser version) posts page
Chinese(中文版) follows English
Notice and apology regarding an error with LINE VOOM (browser version) posts page
We have discovered an error that occurred with how the LINE VOOM (browser version) posts page was displayed. The details of this issue are explained below. We sincerely apologize for any inconvenience or concern this may have caused.
As of now, this issue has been resolved and the posts page is currently operating correctly.
1. Overview
On the post-viewing page of LINE VOOM (browser version), instead of displaying the posted video, information about the poster and the posted content, as well as information about the user who most recently viewed the post, were sometimes displayed as strings of source code text.
The sequence of events that led to the issue occurred as follows:
(1) The LINE VOOM (browser version) system, including system verification, was accessed externally.
(2) When the user clicked the browser's Back button or took another action to access the posts page, an error occurred caused by (1) above, sometimes resulting in the incorrect display of information.
(3) When another user accessed LINE VOOM (browser version), the error described in (2) caused the display error occasionally to occur.
In addition, posts with privacy settings enabled to limit visibility also mistakenly displayed the same information, even to users who should not have been allowed to view the post.
Affected Period (JST)
- Approximately from 8 p.m. on Sunday, September 22, 2024, to 3:20 p.m. on Thursday, September 26, 2024.
- From 8:18 a.m. on Sunday, November 3, 2024, to 5:12 p.m. on Tuesday, November 5, 2024.
Information displayed:
Information about the user who made the post*1
- Encrypted internal identifier of the LINE user*2
- LINE user name
- LINE profile image URL
Information about the most recent user to view the post
- Encrypted internal identifier of the LINE user*2
- LINE user name
- LINE profile image URL
- Country and language settings information
- User Agent info (OS, browser, etc.)
- Whether the user liked the post
Information about the post*1
- Post text
- Privacy settings
- Number of Likes
- Post ID
etc.
*1 This information was either displayed on the posts page itself or was included as a portion of the page's URL. Please note that posts set to private cannot normally be viewed by anyone other than the intended audience.
*2 This information is used to automatically identify users within the LINE app and is different from the LINE ID that is used to search for and add friends.
2. Cause of the incident
Initially, a vulnerability was identified in the open-source program used to develop LINE VOOM (browser version). Externally accessing*3 the LINE VOOM (browser version) system, which includes this program, resulted in a system error in which user information that should not be kept on the server was stored temporarily. As a result, the error described in "1. Overview" occurred.
*3 A participant in the LINE Security Bug Bounty Program reported accessing the browser version of LINE VOOM to confirm the impact of this vulnerability on the system, and it was confirmed that this verification process was one of the causes of the error. While we have not yet confirmed the specifics of the external attempts to access the system in September, when the issue occurred, we are closely monitoring the situation.
About the LINE Security Bug Bounty Program
As part of our efforts to provide the highest level of security to our users, we ask third parties outside of the company to report any vulnerabilities (also known as "bugs") that they may encounter when using the LINE app and its related services.
*Please note that the accessing of users' personal information is strictly prohibited by the program's Terms of Service.
https://bugbounty.linecorp.com/en/
3. Occurrence and response (JST)
September 22, 2024: The error occurred due to accessing LINE VOOM (browser version).
September 26, 2024: The error was temporarily resolved due to an unrelated system update.
November 3, 2024: The error reoccurred due to accessing LINE VOOM (browser version).
November 5, 2024: We discovered the error internally and the systems manager resolved the issue.
November 13, 2024: Following an internal investigation, it was discovered that this issue also occurred from September 22 to September 26.
February 4, 2025: After a detailed investigation, the issue was made public.
4. Request to users
Regarding this incident, we have confirmed that posts from the time that the error occurred were saved in internet search engines and other archival sites. We requested these sites and services delete that content, and have confirmed that all of the relevant content we are aware of was properly deleted.
If any users or companies that collect LINE VOOM (browser version) content for analysis or other purposes have saved pages from the relevant period, we ask that they please be deleted.
In addition, please note that some posts that had been set to private were viewable by third parties, therefore you may receive messages related to those posts in the future. Please be careful not to click on any unknown URLs and be alert for any other suspicious activity.
5. For inquiries regarding this matter
Please contact us using the link below for inquiries regarding this matter.
https://contact-cc.line.me/category2Id/14551
*If the above link to the inquiry form does not load properly, please try pasting the URL into your browser directly.
We apologize for any inconvenience this error may have caused. We will work hard to prevent similar issues in the future.
LINE VOOM(網頁版)貼文瀏覽頁面顯示錯誤的通知與致歉
我們已確認,在 LINE VOOM(網頁版)的貼文瀏覽頁面中曾發生顯示錯誤的情況(以下簡稱「本問題」)。
造成各位用戶的諸多不便,我們在此致上最深的歉意。關於本問題的說明請參閱如下。
同時,本問題已修復完畢,目前貼文瀏覽頁面中的顯示問題已獲得解決。
1. 發生的問題
在 LINE VOOM(網頁版)的貼文瀏覽頁面中,有時會出現貼文影片未正常顯示,而是以文字串形式*註1 顯示發文者、貼文內容相關資訊,以及最近瀏覽該貼文的用戶資訊。
此問題的詳細說明如下,敬請參閱。
(1) LINE VOOM(網頁版)的系統曾受到包括系統驗證在內的外部存取影響
(2) 當用戶在網頁中進行「返回」等操作,並重新進入貼文瀏覽頁面時,約每數次操作中會有一次因(1)引發的系統問題導致顯示錯誤的情況發生。
(3) 當其他用戶訪問 LINE VOOM(網頁版)時,約每數次操作中會有一次因(2)引發的系統問題,導致該貼文瀏覽頁面相關的文字串顯示錯誤。
而針對限制公開範圍的貼文,相關資訊有時會錯誤顯示給可觀看範圍以外的用戶。
*註1 亦即服務提供系統中處理的原始碼形式的文字串。
<發生期間>
日本時間2024年9月22日(星期日)晚上8點左右至2024年9月26日(星期四)下午3點20分
日本時間2024年11月3日(星期日)早上8點18分〜2024年11月5日(星期二)下午5點12分
<錯誤顯示的資訊>
發布該貼文的用戶資訊*註2
・加密處理的LINE用戶內部識別碼*註3
・LINE的用戶名稱
・LINE的個人圖片網址
最近一次瀏覽該貼文用戶的資訊
・加密處理的LINE用戶內部識別碼*註3
・LINE的用戶名稱
・LINE的個人圖片網址
・國家、語言設定資訊
・User Agent情報(如作業系統、瀏覽器等資訊)
・是否對該貼文按下「讚」的資訊
貼文相關資訊*註2
・該貼文的文字內容
・公開範圍設定
・按讚數
・貼文ID
等
*註2 此資訊是指在貼文瀏覽頁面上顯示的內容,或該頁面等的網址中一部分記載的資訊。此外,若設定為限定公開的貼文,非公開對象本應無法查看這些資訊。
*註3 此為LINE應用程式內部機械性識別用戶的識別碼,與新增好友時用來搜尋ID的LINE ID不同。
2. 本次問題的原因
經查在該問題發生當時,LINE VOOM(網頁版)所使用的開源程式中,具有安全性漏洞。透過包含該程式在內的LINE VOOM(網頁版)系統的外部存取*註4,導致原本不應儲存於伺服器的用戶資訊,因系統問題而被臨時儲存。因此,發生了「1. 發生的問題」中提到的顯示錯誤。
*註4 參與LINE Security Bug Bounty Program的人員向LINE VOOM(網頁版)進行了與該漏洞相關的系統驗證存取作業後,我們已確認此驗證作業是導致本次問題的原因之一。在發生本次問題期間內的9月所進行的外部存取,目前尚無法確認其詳細內容,但我們將持續密切關注相關情況。
<關於LINE Security Bug Bounty Program>
此制度目的在於讓第三方報告他們在使用LINE相關服務時發現的漏洞(錯誤),為用戶提供更安全的服務。
※本程式根據使用條款,嚴格禁止存取用戶的個人資訊。
https://bugbounty.linecorp.com/ja/
3. 發現原因與應對處理方式
2024年9月22日 因存取LINE VOOM(網頁版)導致本問題發生
2024年9月26日 因進行與本問題無關的系統更新作業,該問題暫時得到解決
2024年11月3日 再度因存取LINE VOOM(網頁版)導致本問題復發
2024年11月5日 公司內部確認到本問題的發生,系統負責人修復了顯示錯誤
2024年11月13日 經內部調查確認,本問題也曾在2024年9月22日至26日期間發生過
2025年2月4日 根據詳細調查後的結果,公開本問題
4. 請用戶協助
造成各位用戶的諸多不便,在此致上最深的歉意。我們也了解到,本次問題中發生顯示錯誤的貼文瀏覽頁面,已被搜尋引擎及儲存過去網站和內容的網頁存檔服務保存。我們已向相關服務請求刪除,並確認已在我們掌握的範圍內全部刪除。
若用戶或基於分析等目的而收集LINE VOOM(網頁版)貼文內容的企業,儲存了顯示錯誤的貼文瀏覽頁面,請務必刪除該內容。
此外,因限定公開的貼文內容曾處於第三方可查看的狀態,未來可能會收到與該貼文相關的訊息等。請務必小心,避免點選可疑網址等。
5. 本問題的諮詢窗口
用戶若對本次發生的問題有任何疑問,請透過以下窗口與我們聯絡。
https://contact-cc.line.me/category2Id/14551
※請在打開上述聯絡頁面後,從「1)問題的具體內容」中選擇「貼文瀏覽頁面的問題通知」。
※若無法成功瀏覽上述頁面,請使用網頁瀏覽器開啟上方網址。
造成各位用戶的諸多不便,再次致上最深的歉意。
我們已針對本問題於公司內部進行深度檢討,並致力防止同樣的狀況再次發生。