Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale of a database allegedly containing 1.78 million user records from Line.me, specifically targeting users in Taiwan. The dataset is marked with a “Leak Date: 2025,” indicating it is a fresh, active listing.
Brinztech Analysis:
- The Target: Line is the “super app” of Taiwan, used by over 21 million people (nearly the entire population) for messaging, payments, and government services. A breach here is a critical national security concern.
- The Data: The leaked fields (Phone Numbers, UIDs, Nicknames, Gender, Age, Avatar Links, Social Account Validity) are highly indicative of a Mass Scraping / Enumeration Attack rather than a direct breach of Line’s encrypted message servers.
- Scraping Vector: Threat actors likely used automated scripts to query Line’s “Add Friend by Phone Number” API or “ID Search” function at scale to validate phone numbers and scrape the associated public profile data (UIDs, photos, names).
- The “2025” Anomaly: The future-dated or current-year tag (“2025”) suggests the actor is actively harvesting this data now, possibly exploiting a new unpatched rate-limiting flaw similar to the WhatsApp scraping vulnerability disclosed earlier this year.
Key Cybersecurity Insights
This alleged data sale presents a critical threat to Taiwanese citizens:
- Targeted Regional Impact (Taiwan): This is not a random global leak; it is a geographically targeted operation. Given the geopolitical tensions in the region, a database of 1.78 million validated Taiwanese citizens could be weaponized for disinformation campaigns or cognitive warfare by state-sponsored actors.
- High Risk of Account Takeover & Clone Scams: With access to Avatar Links and Nicknames, criminals can create “clone accounts” to impersonate victims. They can then message the victim’s friends (whose numbers they might also have) asking for emergency money transfers—a common scam on Line.
- Significant PII Exposure: The connection of a real-world Phone Number to a digital UID and Photo destroys user anonymity. This data can be cross-referenced with other leaks to build comprehensive dossiers on individuals.
- Regulatory Impact: If this is a result of a failure to stop scraping, LY Corporation (Line’s operator) faces scrutiny under Taiwan’s newly amended Personal Data Protection Act (PDPA), which mandates strict security measures and 72-hour breach reporting.
Mitigation Strategies
In response to this claim, Line users in Taiwan must take immediate action:
- Disable “Allow Others to Add by ID/Phone”: Go to Settings > Privacy and uncheck “Allow others to add me by ID” and “Allow others to add me by phone number.” This removes you from the searchable index that scrapers abuse.
- Strong Multi-Factor Authentication (MFA): Ensure the “Letter Sealing” (E2EE) feature is active and that account transfer verification requires a 2FA code (preferably not SMS, if alternatives are available).
- Proactive Monitoring: Be vigilant against messages from “friends” asking for verification codes or money. Verify their identity through a voice call.
- Platform Response: Line must implement stricter API rate-limiting and CAPTCHA challenges on its “friend search” endpoints to halt the scraping activity.
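A server-side sketch of the rate-limiting control named under Platform Response, as an added example (not Line's code and not part of the original analysis). It counts distinct phone numbers looked up per client in a sliding window, so a range sweep escalates to a CAPTCHA challenge and then a block while repeated checks of the same few contacts pass; the class name, thresholds, client ids and log format are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 60       # sliding window length in seconds (assumed value)
CHALLENGE_AT = 5    # distinct numbers per window before a CAPTCHA (assumed)
BLOCK_AT = 10       # distinct numbers per window before refusing (assumed)


class LookupGuard:
    """Per-client sliding-window limiter keyed on distinct numbers queried."""

    def __init__(self):
        self.events = defaultdict(deque)  # client -> deque of (ts, phone)

    def decide(self, client, phone, ts):
        q = self.events[client]
        q.append((ts, phone))
        # Drop lookups that have aged out of the window.
        while q and q[0][0] <= ts - WINDOW_S:
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > BLOCK_AT:
            return "block"
        if distinct > CHALLENGE_AT:
            return "challenge"
        return "allow"


def replay(log_lines):
    """Replay 'epoch client phone' lines; return the strongest decision per client."""
    rank = {"allow": 0, "challenge": 1, "block": 2}
    guard, worst = LookupGuard(), {}
    for line in log_lines:
        ts, client, phone = line.split()
        decision = guard.decide(client, phone, int(ts))
        worst.setdefault(client, "allow")
        if rank[decision] > rank[worst[client]]:
            worst[client] = decision
    return worst


# Constructed sample log (not real data): dev-A sweeps 12 consecutive numbers
# in 12 seconds; dev-B re-checks the same three contacts every 20 seconds.
SAMPLE = [f"{1000 + i} dev-A 09120000{i:02d}" for i in range(12)] + \
         [f"{1000 + 20 * i} dev-B 09330000{i % 3:02d}" for i in range(12)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Per-client counters alone do not stop a scraper that spreads lookups across many accounts or addresses, so the same distinct-number count is also worth tracking per source network and globally.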
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com