Apology and report regarding the leak of personal information
Today, the official VSPO! account operated by Virtual Entertainment Inc., a member of our group, posted an announcement regarding "Information regarding the VSPO! JP Audition."
While we are currently investigating, we have discovered that there is a possibility of similar personal information leaks on the same day in the "Brave group General Audition" operated by Brave group and the "HareVare VLiver Audition" operated by ENILIS Inc.
We would like to sincerely apologize to the affected individuals, as well as to our fans and other related parties, for the inconvenience and concern this may have caused.
We are currently continuing to carefully investigate this matter, but we would like to inform you of the information that is currently known (as of 22:00 on June 25, 2024).
We believe that we should promptly apologize and contact the affected individuals individually.
However, due to the above situation, we ask for your patience for a while.
Overview
We discovered at 17:15 on June 25, 2024 that responses to the Google Form for applicants of the "VSPO! JP Audition" were viewable by a third party who had learned the "edit URL" of the form in a file managed by the cloud service "Google Drive" used by our group.
However, the edit URL was not publicly available on the audition site, and we believe it is highly likely that the edit URL was leaked in some way.
We are also currently investigating the access history, and on the same day, we discovered the possibility of a similar leak of personal information in the "Brave group General Audition" operated by Brave group and the "HareVare VLiver Audition" operated by ENILIS Co., Ltd.
In light of the above situation, there is a strong possibility of deliberate leaks or unauthorized access, so we will continue to carefully investigate in the future.
What is known as of June 25, 2024
Details are currently under investigation, but the current situation (as of 22:00, June 25, 2024) is as follows.
However, please note that this is only the information known up to this point in time and may change as a result of further investigations.
"VSPO! JP Audition"
1. Number of answers that were viewable
Approximately 7,000
2. Targets of the leak
Everyone who applied for the "VSPO! JP Audition"
3. Period during which it may have occurred
June 4, 2024 20:05 - June 25, 2024 17:50
4. Items of personal information that were viewable
- Name
- Prefecture of residence (however, address for those who entered their address by mistake)
- Phone number
- Date of birth
- SNS used
- Reason for applying, etc.
"Brave group General Audition"
1. Number of answers that were viewable
Approximately 2,610
2. Targets of the leak
Everyone who applied for the "Brave group General Audition"
3. Period during which it may have occurred
June 4, 2024 19:40 - 2024/6/25 17:50
4. Items of personal information that were available for viewing
・Name
・Prefecture of residence (address for those who entered their address by mistake)
・Telephone number
・Date of birth
・SNS used
・Reasons for applying, etc.
"HareVare VLiver Audition"
1. Number of answers that were available for viewing
Approximately 1,043
2. Targets of the leak
All those who applied for the "HareVare VLiver Audition"
3. Period during which the information may have occurred
2024/6/4 20:16 - 2024/6/25 17:50
4. Items of personal information that were available for viewing
・Name
・Prefecture of residence (address for those who entered their address by mistake)
・Telephone number
・Date of birth
・SNS used
・Reasons for applying, etc.
Background of the leak
Google The viewing and editing scope of the edit URL for the form was set to "Anyone on the Internet who knows this link can view it," so anyone who knew the link could access the edit URL and view the personal information mentioned above.
However, the URL posted on the audition application form (answer URL) and the URL where the answers can be confirmed (edit URL) are different, and since the URL posted on the audition page was the answer URL, the URL where personal information can be viewed was not publicly available on the audition page.
Based on this incident, there are three possible reasons why the edit URL may have been accessible, and we are currently investigating them.
It is possible that a third party sent a request for editing permissions for the edit URL to the administrator, and for some reason this was granted.
However, when we checked at 17:15 on June 25, 2024, we did not find any incidents in which editing permissions were granted to specific users outside our group. Therefore, this possibility is considered low.
It is possible that for some reason, the editing URL was leaked to a third party within our group, and the third party then expanded the information leak of the editing URL.
It is possible that the editing URL was leaked due to unauthorized access.
After this incident was discovered, we implemented access restrictions on the files on the cloud service at 17:50 on 25/06/2024, and third parties were no longer able to access the editing URL.
In addition, at this time, we have not confirmed any facts of unauthorized use or other damage.
How this incident was discovered
After rechecking the content of the internal inquiries, we found that two people who had noticed the above issue had made inquiries in the request section of VSPO! Official X's DM on 18/06/2024 at 11:23 and 25/06/2024 at 16:28.
However, because the inquiry was made in the DM request section, confirmation within our group was delayed, and it was discovered at 17:15 on 2024/6/25 that the X post made by the person who contacted us at 17:01 was trending. This incident, including the existence of the two inquiries mentioned above, became known within our group.
Contact for this matter
Brave group general inquiry desk
contact_all@bravegroup.co.jp
![Cecilia Immergreen Ch. hololive-EN - [DEBUT STREAM] It's wind-up time!! #hololiveEnglish #holo...jpg](http://uploads.kiwifarms.st/data/attachments/6111/6111350-65608b5bb43806ccf82c26d97136f43d.jpg?hash=ZWCLW7Q4Bs "Cecilia Immergreen Ch. hololive-EN - [DEBUT STREAM] It's wind-up time!! #hololiveEnglish #holo...jpg")
