[ad_1]
On Thursday, 7-Eleven Japan suspended a recently launched mobile payment feature on its 7Pay app after a flaw allowed a third party to falsely charge hundreds of customer accounts.
The company released the feature on Monday, July 1: it allowed customers to scan a barcode with the app and charge a linked credit or debit card. However, the company received a complaint the following day: a client noticed a charge that he had not brought. The application had a defect, according to Yahoo News Japan (via ZDnet). A hacker would only need to know the date of birth, email and phone number of a user and could send a request to reset the pbadword to another email address. The application also reported the date of birth of persons as of January 1, 2019 in cases where they did not fill the field, which further simplified the creation of an account.
In this case, the hackers seem to have automated the attack and, according to the company, about 900 people would have had their accounts targeted and would have paid 55 million yen (500 000 USD). 7-Eleven Japan has announced that it has suspended the feature by preventing the application from loading the linked cards, posted a warning on the website of the 7pay feature and stopped recording new users. The company also announced that it would compensate users whose accounts had been hacked and would set up a hotline.
A member of the Japanese Ministry of Economy, Trade and Industry told the company that she needed to strengthen her safety, according to Japan Timesand that he did not follow the safety instructions. Japanese authorities have since arrested two people who were trying to use a pirated account and thought they could be connected to (or have been hired by) a Chinese criminal group known for using stolen identities online.
Source link