Yahoo! Japan announced on May 17th night [J] that they found that their account management server got raided, a file having 22 million of their user account names left on the server.
The announcement said that they can not deny the possibility of the file transferred to outside of the company’s network. However, as the file did not include any other information such like password, secret questions for password recovery, etc., they wrote that those public account name disclosed will not cause serious trouble such like others log in your account.
[Update] Reuters report it.
[Update 2013-05-20] PC Advisor and Information Week followed. These do not tell that Yahoo! Japan’s ID is totally irrelevant with U.S. Yahoo ID. (i.e. you can not log in U.S. Yahoo with Yahoo! Japan’s ID, and vise versa.)
Japan’s Ministry of Internal Affairs and Communications(MIC) on April 4 issued two administrative directions around the constitutionally guaranteed secrecy of communication (=Tsuushin no Himitsu, in Japanese) against Connect Free and NTT Broadband Platform.
Both companies tried to offer free WiFi services at shops last December but got in troubles by suspicious behaviors when users connect the free WiFi stations.
Direction for Connect Free [J] pointed that the service collected user client’s MAC address and some social media account IDs “without prior consent”. (Asiajin’s report)
The other one for NTT Broadband Platform [J] said that the company blocked access for specific websites from the free WiFi spots “without due reasons”. The document did not specify the service name but it is likely Seven Spot [J], free WiFi spots available on Seven Eleven, Ito Yokado, Seibu and Denny’s chain-stores, which was complained to block Amazon Japan and Rakuten websites at launch, probably because they are rival on shopping.
Amazon’s wish list is a list of products that you can publish on Amazon and ask people to purchase and send, a kind of donation feature. You are expected to be anonymous and still receive gifts, for example blog readers.
On January 18, a Twitter user @mopetsune explained how you can extract anyone’s real address if you know the wish list ID, without being known by the list owner.
The procedure he explained rapidly frightened Japanese web users who had published their wish-lists. I can tell that Japanese are more sensitive on their postal address known.
It was not the first time to be pointed out. In September 2011 a blog tyoro.exe tested and confirmed that the rumor on the web you can get the address of the wish-list owner by ordering other item (=not from the wish-list) on your store Market Place. With this, you will know the receiver’s address but s/he will know you know.
This time’s one added a procedure of canceling the original item from wish-list. Even only with the remained item from your store,you still can get the wish-list owner’s address.
Amazon has a setting of not sending gift on wish-list from third-party Market-place stores. It is reasonable that your address notified to the seller when you turn it on. However, according to this @mopetsune, on the procedure above, your address could be taken even if the setting is off.
I do not know if this trick works on Amazon in other countries. If it is the same and you want to avoid it, easy way is to remove “Ship-to Address” from wish-list setting.
According to @bulkneets, a well-known security authority, Amazon Japan seemed to fix the hole partially.
Japan’s National Information Security Center reported on January 19 that the results of its security drill with 60,000 staff in 12 government organizations around malicious mail attachment [J, pdf].
According to the report, from October to December 2011, the center held security training to the 60,000 staff, then sent two mails which you could not identify the sender information. The first one was with a mocked attachment file, and the second one was with a link, both were to open the server which record which staff ran the attached application and click the link.
About 6,000 people, 10.1% opened the first attachment, and 3.1% opened the link.
via TV-Asahi [J]
KDDI, Japan’s second largest cellphone carrier is being blamed by users on Twitter [J] by displaying advertising on Android “as a system notification”.
Here is a sample screenshot informs from KDDI to you “Diet by an App”,
on the system notification.
The Android app to insert such ads on the Android system notification is an officially bundled “au one Market”, alternative Android Market powered by KDDI au (Google’s Android Market also exists on the phones).
According to @jn_mo, this was introduced at the app’s update 2 times before. After update, user will be explained 1. au one Market app stays resident even when you are not using the app, 2. notification space will be used to inform good deals to customers.
The agreement screen has a large “OK” button. Just above the button, there is a link saying “Click here if you do not like to see the ads”.
As some users pointed out, there is a similar service AirPush from US, which utilizes notification message for ads, which seems not welcomed by every user. This KDDI’s one could spread wider as it is by cellphone carrier with pre-installed, unable-to-remove, automatically updated app.
[Update 2012-01-30] Few days later, KDDI added a message on the app’s top linked to explain why ads are showed on the notification slot.
Only Engadget Japan and Slashdot Japan took this news listed on Google News Japanese.