
7-Eleven Japan's weak app security led to a $500,000 customer loss

The 7pay app was deactivated after just a couple of days.

7-Eleven Japan's mobile payment app had such poor security measures, the company had to shut it down just a couple of days after its release. In an announcement explaining the issue, the company admitted that hackers were able to break into 900 users' accounts and to charge 55 million yen ($507,000) in illegal purchases to their debit and credit cards on file within that period, from July 1st when the 7pay app rolled out to July 3rd when the service was shut down.

The app was troubled from the start, with customers complaining of illegal transactions made through their accounts since day one. According to ZDNet, the app's poorly designed password retrieval method was to blame. Instead of automatically sending an email to the address users had on file, the app allowed them to retrieve their passwords using any email address.

In other words, the high-tech thieves didn't even have to make the extra effort of infiltrating users' inboxes: they only had to find out people's email addresses, their dates of birth and their phone numbers. And we all know how easy it is to look those up these days, with almost everyone having social media accounts. The fact that the app used January 1st, 2019 as the default birthday of everyone who signed up without specifying their own made it much easier for the bad players, as well. All they needed to do after they gained entry to an account was to generate a barcode with the app every time they paid at a 7-Eleven outlet.
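The reset design described above, next to a version that mails only the address on file, as an added Python example. It is not 7pay's code; the function names, record fields and sample data are hypothetical and constructed for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample account store; the birthday is the app's default value.
USERS = {"alice@example.com": {"dob": "2019-01-01", "phone": "09000000000"}}
OUTBOX = []        # (recipient, token) pairs standing in for sent mail
RESET_TOKENS = {}  # sha256(token) -> (account email, expiry timestamp)


def reset_flawed(email, dob, phone, send_to):
    """Design the article describes: the request chooses the destination."""
    user = USERS.get(email)
    if user and user["dob"] == dob and user["phone"] == phone:
        # Flaw: lookup-able facts act as the authenticator, and the reset
        # mail goes to whatever address the request supplied.
        OUTBOX.append((send_to, secrets.token_urlsafe(32)))
        return True
    return False


def reset_hardened(email):
    """Accepts no destination and no knowledge fields; mails the address on file."""
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, time.time() + 900)  # valid for 15 minutes
        OUTBOX.append((email, token))
    return True  # identical response whether or not the account exists


def redeem(token):
    """Return the account a token resets, or None. Tokens are single-use."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or entry[1] < time.time():
        return None
    return entry[0]
```

In the hardened flow, control of the registered inbox is the only proof of ownership, so a guessable or default birthday no longer matters.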

The company promises to compensate everyone who fell victim to the breach. Japanese authorities arrested a couple of Chinese men who attempted to pay for purchases amounting to thousands of dollars using stolen 7pay IDs. They now believe that an international group, which includes a hacker, might be involved. While the incident is still under investigation, the country's Ministry of Economy, Trade and Industry has determined that the company failed to follow guidelines to prevent unauthorized access. The agency is urging the company to boost its security measures if it wants to re-launch 7pay in the future.

Via: ZDNet
Source: 7-Eleven
Coverage: JapanTimes