On Thursday, 7-Eleven Japan suspended the newly launched mobile payments feature on its 7pay app after a breach allowed a third party to make bogus charges on hundreds of customer accounts. Its security measures were so poor that the company had to shut the feature down just a couple of days after its release.
The company released the feature on Monday; it allowed customers to scan a barcode with the app and charge a linked credit or debit card. The next day, the company received a complaint from a customer who had noticed a charge that they didn't make. In an announcement explaining the issue, the company admitted that hackers were able to break into 900 users' accounts and charge 55 million yen ($507,000) in illegal purchases to the debit and credit cards on file during the period from July 1st, when the 7pay app rolled out, to July 3rd, when the service was shut down.
However, the app was troubled from the start, with customers complaining of illegal transactions made through their accounts since day one. According to ZDNet, the app was poorly designed, and its password retrieval method was the main cause of the security breach. Instead of automatically sending an email to the address users had on file, the app allowed them to retrieve their passwords using any email address.
In simple words, the high-tech hackers did not even need to make the extra effort of infiltrating users' inboxes. They only had to find out people's email addresses, their dates of birth and their phone numbers. And we all know how easy it is to find this information these days. The app also used January 1st, 2019 as the default birthday of everyone who signed up without specifying their own, which made it much easier for the bad players to hack into their accounts. After gaining entry to an account, all they needed to do was generate a barcode with the app every time they paid at a 7-Eleven outlet.
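The reset flow described above, modeled next to a corrected one. This is an added example, not 7pay's code: the function names, the in-memory `ACCOUNTS` store, the `outbox` list standing in for a mail gateway and the sample account are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import date

# Placeholder birthday the article says was assigned when none was given.
DEFAULT_DOB = date(2019, 1, 1)

@dataclass
class Account:
    email: str   # address on file
    phone: str
    dob: date

# Constructed sample data: this user signed up without entering a birthday.
ACCOUNTS = {
    "user@example.com": Account("user@example.com", "090-0000-0000", DEFAULT_DOB),
}

def _lookup(email, phone, dob):
    """Return the account only if all three identity answers match."""
    acct = ACCOUNTS.get(email)
    if acct and acct.phone == phone and acct.dob == dob:
        return acct
    return None

def reset_vulnerable(email, phone, dob, send_to, outbox):
    """Flow as described: the reset link goes to a caller-chosen address."""
    acct = _lookup(email, phone, dob)
    if acct is None:
        return "no such account"  # a distinct reply also reveals which accounts exist
    outbox.append((send_to, secrets.token_urlsafe(32)))
    return "reset link sent"

def reset_hardened(email, phone, dob, send_to, outbox):
    """send_to is accepted only to show that it is ignored."""
    acct = _lookup(email, phone, dob)
    if acct is not None:
        # Only the address on file ever receives the single-use token, so
        # guessable answers (including DEFAULT_DOB) do not hand over the account.
        outbox.append((acct.email, secrets.token_urlsafe(32)))
    # Same reply whether or not the answers matched.
    return "if the details match, a link was sent to the address on file"
```

In the hardened version the publicly discoverable answers only decide whether a message is sent; control of the registered inbox is what actually authorizes the reset.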
7-Eleven Japan has promised to compensate customers for their losses. In a further development, Japanese authorities arrested a couple of Chinese men who attempted to pay for purchases amounting to thousands of dollars using stolen 7pay IDs. The authorities now believe that an international group of hackers might be involved, and that the men are connected to a Chinese crime ring known for using stolen identities online. The incident is still under investigation, but the country's Ministry of Economy, Trade, and Industry has determined that the company failed to follow guidelines to prevent unauthorized access.
The agency has advised the company to increase its security measures if it wants to re-launch 7pay in the future.