LINE Yahoo apologizes after internal game identifiers sent to external ad tool; up to 6.1 million users affected, no personal data leaked

July 14, 2026

LINE Yahoo discloses, apologizes, and fixes configuration behind data transmission

LY Corporation, branded as LINE Yahoo and operator of the LINE messaging ecosystem in Japan, issued an apology on 13 July for the unintended transmission of internal game identifiers from three popular LINE GAME titles to an external advertising analytics tool used by partner companies. The company said the identifiers—random strings used inside its systems to distinguish game users—were sent due to insufficient verification during a settings change. Crucially, LINE Yahoo emphasized that no names, addresses, phone numbers, bank accounts, or credit card details were involved, and that the transmission has been stopped.

What happened

According to the notice, the games affected were LINE Pokopoko, LINE Pokopang Town, and LINE Pokopan. Partner companies had deployed a third-party tool to confirm and analyze ad display status. In that setup, internal identifiers that did not need to be sent were transmitted from user devices to the external tool provider. The company said this information was not listed in its Privacy Center at the time. LINE Yahoo attributed the incident to insufficient confirmation of settings by both the company and certain partners when the analytics configuration was updated.

What data was involved—and what was not

The transmitted item was an internal identifier—described as a random string used by systems to distinguish users—and is different from a “LINE ID.” No personally identifying details such as names, addresses, phone numbers, bank or credit card information were included. LINE Yahoo reported that the external tool provider has already deleted the relevant identifiers and that no malicious use has been confirmed. The company added that no secondary harm has been reported and that users do not need to take any action.

How many users were affected

The affected period and counts reported by LINE Yahoo are as follows:

  • LINE Pokopoko: 25 May 2022 to 2 April 2026 — approximately 5.47 million instances (alt. figure: about 5.29 million)
  • LINE Pokopang Town: 25 May 2022 to 3 April 2026 — approximately 0.79 million (alt. about 0.74 million)
  • LINE Pokopan: 25 May 2022 to 11 June 2025 (service end) — approximately 0.84 million (alt. about 0.63 million)

Total instances: about 7.10 million (alt. about 6.66 million). Unique users: about 6.10 million (alt. about 5.74 million). For sessions where players used guest login—meaning the transmission could not identify an individual—counts were: Pokopoko approximately 0.77 million (0.73 million), Pokopang Town approximately 0.07 million (0.07 million), and Pokopan approximately 0.09 million (0.06 million), totaling roughly 0.93 million (0.86 million).

Timeline

  • 25 May 2022: Transmission begins
  • 1 April 2026: Issue identified; investigation begins
  • 3 April 2026: Fix completed; transmission stopped

Why this matters in Japan

LINE is integral to daily life in Japan, used for messaging, payments, and an extensive catalog of mobile games. Transparency and swift remediation are hallmarks of Japan’s corporate culture, and LINE Yahoo’s public apology and rapid technical fix within two days of discovery reflect that expectation. Under Japan’s Act on the Protection of Personal Information (APPI), companies face strong social and legal incentives to handle identifiers with care. While these internal game strings are not the same as names or financial data, their handling still demands caution—and disclosure helps maintain public trust.

Global context for mobile apps

Misconfigurations around third-party advertising and analytics tools are a known global challenge. Mobile software development kits (SDKs) often require granular settings to ensure only necessary data is transmitted. LINE Yahoo’s case underscores an industry-wide best practice: minimize data, verify configurations regularly, and ensure public-facing privacy explanations remain accurate when tools change.

What users in Japan and abroad should know

For players of LINE Pokopoko, LINE Pokopang Town, and LINE Pokopan, the company says no action is required. The external partner has deleted the identifiers, and there is no evidence of misuse. Still, privacy-conscious users can review permissions for advertising tracking on their devices, keep game apps updated, and check LINE’s Privacy Center for the latest details.

Company response and next steps

LINE Yahoo apologized “for the inconvenience and concern” and pledged to prevent recurrence. The company’s statement indicates strengthened internal reviews of tool settings with partners and improved disclosure processes. For the millions who rely on Japan’s digital services, this episode highlights both the country’s commitment to accountability and the ongoing work of major tech players to safeguard user trust in one of the world’s most connected markets.