7-Eleven Japan's weak app security led to a $500,000 customer loss

The 7pay app was deactivated after just a couple of days.

7-Eleven Japan's mobile payment app had such poor security measures, the company had to shut it down just a couple of days after its release. In an announcement explaining the issue, the company admitted that hackers were able to break into 900 users' accounts and to charge 55 million yen ($507,000) in illegal purchases to their debit and credit cards on file within that period, from July 1st when the 7pay app rolled out to July 3rd when the service was shut down.

The app was troubled from the start, with customers complaining of illegal transactions made through their accounts since day one. According to ZDNet, the app's poorly designed password retrieval method was to blame. Instead of automatically sending an email to the address users had on file, the app allowed them to retrieve their passwords using any email address.

In other words, the high-tech thieves didn't even have to make the extra effort of infiltrating users' inboxes: they only had to find out people's email addresses, their dates of birth and their phone numbers. And we all know how easy it is to look those up these days, with almost everyone having social media accounts. The fact that the app used January 1st, 2019 as the default birthday of everyone who signed up without specifying their own made it much easier for the bad players, as well. All they needed to do after they gained entry to an account was to generate a barcode with the app every time they paid at a 7-Eleven outlet.
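The reset flaw described above, modeled as an added sketch (not 7pay's code and not part of the original article): a handler that mails the reset link to a caller-supplied address, next to one that only uses the address on file and refuses to treat the placeholder birthday as proof of identity. The names Account, reset_weak, reset_hardened and send_to, and the sample accounts, are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Placeholder birthday the article says was assigned when none was given.
DEFAULT_DOB = date(2019, 1, 1)

@dataclass
class Account:
    email: str
    phone: str
    dob: date = DEFAULT_DOB  # user skipped the birthday field at sign-up

# Constructed sample data, not real accounts.
ACCOUNTS = {
    "alice@example.com": Account("alice@example.com", "090-0000-0001", date(1990, 5, 17)),
    "bob@example.com": Account("bob@example.com", "090-0000-0002"),
}

def _matches(acct: Optional[Account], phone: str, dob: date) -> bool:
    """Knowledge check on phone number and date of birth only."""
    return acct is not None and acct.phone == phone and acct.dob == dob

def reset_weak(email: str, phone: str, dob: date, send_to: str) -> Optional[str]:
    """Flawed design: the reset link goes to whatever address the caller names."""
    acct = ACCOUNTS.get(email)
    return send_to if _matches(acct, phone, dob) else None

def reset_hardened(email: str, phone: str, dob: date,
                   send_to: Optional[str] = None) -> Optional[str]:
    """Return the address the reset link is mailed to, or None if refused."""
    acct = ACCOUNTS.get(email)
    if not _matches(acct, phone, dob):
        return None
    if acct.dob == DEFAULT_DOB:
        # A system-assigned birthday is guessable; require a different check.
        return None
    # Any caller-supplied destination is ignored: only the address on file is used.
    return acct.email
```

In the hardened handler, controlling the registered inbox becomes a requirement again, so publicly discoverable details alone no longer unlock the account.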

The company promises to compensate everyone who fell victim to the breach. Japanese authorities arrested a couple of Chinese men who attempted to pay for purchases amounting to thousands of dollars using stolen 7pay IDs. They now believe that an international group, which includes a hacker, might be involved. While the incident is still under investigation, the country's Ministry of Economy, Trade and Industry has determined that the company failed to follow guidelines to prevent unauthorized access. The agency is urging the company to boost its security measures if it wants to re-launch 7pay in the future.

Via: ZDNet
Source: 7-Eleven
Coverage: JapanTimes