    Hackers Steal $500,000 After Exploiting 7-Eleven Japan Mobile App Flaw

    This past Thursday, 7-Eleven Japan suspended the recently launched mobile payments feature of its 7pay app after a flaw allowed a group of hackers to make fraudulent charges on hundreds of customer accounts.

    The company had released the feature only days earlier, on Monday, July 1st. It allowed customers to scan a barcode with the app and pay with a linked credit or debit card. The first red flag came the very next day, when a customer complained about a charge that they didn’t make. Many 7pay users also tweeted about being locked out of their accounts.

    According to external sources, the app’s flaw was easily exploitable. The hackers only needed to know a user’s date of birth, email, and phone number. With those, they could simply request a password reset that would be sent to another email address. To make matters worse, the app set the birth date to January 1st, 2019 by default for any user who didn’t fill out the birth date field, making it even easier for the hackers to break into those accounts.
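
    The reset logic described above, modeled beside a hardened version. This is an added example, not 7-Eleven's code: the article does not show the implementation, so the account records, function names and the `send_to` parameter are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import date

# Placeholder the article says was stored when the birth date field was left blank.
DEFAULT_DOB = date(2019, 1, 1)

@dataclass
class Account:
    email: str
    phone: str
    dob: date

# Constructed sample records, not real data.
ACCOUNTS = {
    "a@example.com": Account("a@example.com", "090-0000-0001", date(1985, 4, 12)),
    "b@example.com": Account("b@example.com", "090-0000-0002", DEFAULT_DOB),
}

def reset_as_described(email, phone, dob, send_to):
    """Flawed flow: matching profile fields authorise delivery to any address."""
    acct = ACCOUNTS.get(email)
    if acct and (acct.phone, acct.dob) == (phone, dob):
        return send_to  # the requester decides where the reset link goes
    return None

def reset_hardened(email, send_to=None):
    """Hardened flow: the link goes only to the address on file.

    Date of birth and phone are not treated as secrets, and any
    requester-supplied delivery address is ignored.
    """
    acct = ACCOUNTS.get(email)
    if acct is None:
        return None
    # Random single-use token; a real service would store it hashed with an expiry.
    token = secrets.token_urlsafe(32)
    return acct.email, token

def accounts_with_placeholder_dob():
    """Audit helper: accounts whose stored birth date is the known default."""
    return sorted(e for e, a in ACCOUNTS.items() if a.dob == DEFAULT_DOB)
```

    In the hardened version the only thing that proves ownership is access to the registered mailbox, so a known or defaulted birth date no longer matters for the reset.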

    The company reported that hackers appear to have automated the attack, and around 900 individuals had their accounts targeted and charged ¥55 million (around $500,000). 7-Eleven Japan confirmed that it has disabled the feature by stopping the app from charging any linked cards. The company has posted a warning on the 7pay feature’s website and has disabled new user account registrations. The company said it would compensate users who had their accounts hacked and confirmed that a support line has already been set up.

    7-Eleven Japan was warned by a member of Japan’s Ministry of Economy, Trade and Industry that it needed to strengthen its security, with the official highlighting that the company didn’t follow basic security guidelines. Japanese authorities have already arrested two individuals who were attempting to use a hacked account. The detainees might be connected to, or have been hired by, a Chinese crime ring that’s notorious for using stolen identities online.

    David Novak
    For the last 20 years, David Novak has appeared in newspapers, magazines, radio, and TV around the world, reviewing the latest in consumer technology. His byline has appeared in Popular Science, PC Magazine, USA Today, The Wall Street Journal, Electronic House Magazine, GQ, Men’s Journal, National Geographic, Newsweek, Popular Mechanics, Forbes Technology, Reader’s Digest, Cosmopolitan Magazine, Glamour Magazine, T3 Technology Magazine, Stuff Magazine, Maxim Magazine, Wired Magazine, Laptop Magazine, Indianapolis Monthly, Indiana Business Journal, Better Homes and Gardens, CNET, Engadget, InfoWorld, Information Week, Yahoo Technology and Mobile Magazine. He has also made radio appearances on The Mark Levin Radio Show, The Laura Ingraham Talk Show, Bob & Tom Show, and the Paul Harvey Radio Show. He’s also made TV appearances on The Today Show and The CBS Morning Show. His nationally syndicated newspaper column, called the GadgetGUY, appears in over 100 newspapers around the world each week, where Novak enjoys over 3 million in readership. David is also a contributing writer for Men’s Journal, GQ, Popular Mechanics, T3 Magazine and Electronic House here in the U.S.