With the information provided by the reporter and through our own investigations, we determined that the vulnerability has at the very least been used between August 30–31, 2019 to tamper with the profile photos of users' LINE accounts.
We received a report regarding this vulnerability through our LINE Security Bug Bounty Program. The vulnerability has been fixed as of 6:02 pm (GMT+9), August 31, 2019. It has only affected the photo upload function, and we have found no instance of passwords or personal information being compromised. This vulnerability affected personal-use LINE accounts, as well as accounts, and LINE Official Accounts.
On August 31, 2019, a security bug (vulnerability) affecting the upload function for profile photos was reported via our Bug Bounty Program and promptly fixed.Ī flaw in access restrictions was found in the photo upload API used for changing LINE profile photos, making it possible for a third party to change the profile photos of other LINE accounts at will.