TAIPEI (Taiwan News) – It has been reported that Japan’s 7-Eleven convenience store chain launched a mobile pay application for smartphones in July, which was promptly exploited by hackers, jeopardizing user financial information.
Within days of the “7-pay” app’s launch, hackers discovered a way to exploit it. According to reports on July 5, around 900 users have had their financial data compromised, and approximately JPY55 million (US$510,000) has been stolen.
The app was launched on July 1 and allowed customers to pay for items at 7-Eleven by swiping their phone, which would automatically deduct money from a linked bank account. Users created a “7-ID” which stored their bank account information on the phone.
On Wednesday (July 3), several Japanese citizens posted messages on Twitter declaring that their 7-ID passwords had been tampered with. One user reported that nearly JPY60,000 (US$500) had been deducted from his bank account through the application, reports IT Home.
By July 4, 7-Eleven had shut down all payments through the app and suspended all new user applications for the 7-pay system. According to reports, the system’s password reset function was vulnerable to hacking.
IT Home says that the reset password function only requires a person's mobile phone number, birthday, and a valid email address. By securing this basic information, hackers were able to hijack users' 7-ID accounts and obtain their banking information.
What’s more, if users did not initially enter their date of birth, the system automatically assigned them a birth date of Jan. 1, 2019, making it much easier for fraudsters to obtain access to their accounts.
Sankei Shimbun reports that two Chinese suspects have been arrested in Tokyo’s Shinjuku neighborhood after they suspiciously spent over JPY200,000 (US$1,850) on electronic cigarettes using 7-Pay.