LY Corporation: Improper Access Control in LINE Timeline API that returns a list of hidden friends

Due to an insufficient access control check in an API endpoint for LINE Timeline function, it was possible for an attacker to retrieve a hidden list of any LINE users. Users can configure the hidden list not to show someone's post on their Timeline. Using this vulnerability, an attacker can get a...