MTL:
Today, we are pleased to announce the opening of Buspop!, a website operated by our group, Virtual Entertainment Co., Ltd. on the official account regarding ``
Information regarding Buspo! JP Audition ''. We have issued a notice
Although the investigation is currently underway, there is a possibility that similar personal information may be leaked on the same day at "Brave group General Audition" operated by Brave group and "HareVare VLiver Audition" operated by ENILIS Co., Ltd. It has become clear that.
We would like not only to those affected by the leak, but also to our fans and related parties. to sincerely apologize for the inconvenience and concern we have caused,
We are currently continuing to carefully investigate this incident, but we would like to inform you of the information known at the moment (2024/6/25 22:00).
We recognize that this is a situation in which we should promptly apologize individually to all those affected by the leak and contact them.
However, due to the above situation, we ask that you please wait for a while.
overview
In the files managed by the cloud service "Google Drive" used by our group, the contents of the responses to the Google Form for applicants of "Buispop! JP Audition" are the "editing URL" of the same form. It was discovered on 2024/6/25 17:15 that it was available for viewing by a third party who came to know about it.
However, the editing URL was not publicly available on the audition site, and we believe that it is highly likely that the editing URL was leaked somehow.
In addition, although we are currently investigating access history, similar personal information leaks occurred on the same day at "Brave group General Audition" operated by Brave group and "HareVare VLiver Audition" operated by ENILIS Co., Ltd. The possibility of
In light of the above situation, we will continue to carefully investigate the information as there is a strong possibility of intentional leakage or unauthorized access.
Information known as of June 25, 2024
The details are currently under investigation, but the current situation (as of 2024/6/25 22:00) is as follows.
However, please note that this is only the information known to date and may change as a result of future investigations.
"Buispo! JP Audition"
1. Number of responses that were available for viewing
About 7,000 pieces
2.Who is the target of the leak?
Everyone who applied for “Buispop! JP Audition”
3.Period during which it may have occurred
2024/6/4 20:05 ~ 2024/6/25 17:50
4.Items of personal information that were available for viewing
·full name
・Prefecture of residence (however, if the address was entered incorrectly, the address)
·telephone number
·date of birth
・Use SNS
・Motivation, etc.
"Brave group general audition"
1. Number of responses that were available for viewing
Approximately 2,610 pieces
2.Who is the target of the leak?
Everyone who applied for the "Brave group general audition"
3.Period during which it may have occurred
2024/6/4 19:40 ~ 2024/6/25 17:50
4.Items of personal information that were available for viewing
·full name
・Prefecture of residence (however, if the address was entered incorrectly, the address)
·telephone number
·date of birth
・Use SNS
・Motivation, etc.
"HareVare VLiver Audition"
1. Number of responses that were available for viewing
Approximately 1,043 pieces
2.Who is the target of the leak?
Everyone who applied for “HareVare VLiver Audition”
3.Period during which it may have occurred
2024/6/4 20:16 ~ 2024/6/25 17:50
4.Items of personal information that were available for viewing
·full name
・Prefecture of residence (however, if the address was entered incorrectly, the address)
·telephone number
·date of birth
・Use SNS
・Motivation, etc.
Background of the leak
Since the viewing/editing range of Google form's editing URL was set to "Everyone on the Internet who knows this link can view it," anyone who knows the editing URL link can , it was possible to access the editing URL and view the above personal information.
However, the URL posted on the audition application form (URL for responses) and the URL where you can check the answer details (URL for editing) are different, and the URL posted on the audition page is for responses. Because it was a URL, the URL where personal information could be viewed was not publicly available on the audition page.
Judging from this incident, there are three possibilities for accessing the editing URL, which are currently under investigation.
- There is a possibility that a request for editing permission was received from a third party to the administrator regarding the editing URL, and the request was granted for some reason.
- However, when we checked on 2024/6/25 17:15, we did not find any incidents where editing privileges were granted to specific users outside our group. Therefore, this possibility is considered low.
- There is a possibility that for some reason, the editing URL was leaked from within our group to a third party, and the information leakage of the editing URL from that third party has expanded.
- The editing URL may have been leaked due to unauthorized access.
Furthermore, after this incident was discovered, we implemented restrictions on access to files on the cloud service at 17:50 on 2024/06/25, and the situation in which third parties could access the editing URL has been resolved.
Furthermore, at this time, we have not confirmed any damage caused by unauthorized use.
How this case came to light
After reconfirming the contents of the inquiry within the company, two people who noticed the above event contacted Buspo! on 2024/6/18 11:23 and 2024/6/25 16:28. We received an inquiry in the request section of Official X's DM.
However, since the inquiry was made in the request section of the DM, there was a delay in confirmation within our group, and the X post by one person who made the inquiry on 2024/6/25 17:01 has become a hot topic. This was discovered on June 25, 2024 at 17:15, and this incident, including the existence of the two inquiries above, was revealed within our group.
Contact information regarding this matter
Brave group general inquiry desk
contact_all@bravegroup.co.jp