Hackers have just stolen US$500,000 from this mobile payment app
7-Eleven’s mobile payment feature on its app, 7Pay, was only recently launched by 7-Eleven Japan on July 1—the feature allows customers to scan a barcode and pay using a credit/debit card that is linked to the app.
However, a week is all it took for hackers to cheat the system and steal half a million U.S. Dollars, it seems. A customer first reported that they noticed a charge that they didn’t make on the app, and Yahoo News Japan has reported that there is a major loophole that has been exploited.
The way it works, the hacker would use the user’s date of birth, phone number, and email, and send a password reset request to another email address. This issue is further exacerbated by the fact that the 7Pay app lists users’ DOB as January 1 2019 if the DOB section wasn’t filled by the user.
According to 7-Eleven Japan, approximately 900 individuals had their accounts hacked, and a total of 55 million yen was fraudulently charged to their apps; the entire process seems to have been automated by the hackers. 7-Eleven Japan has suspended the feature in the meantime, and has also warned users on 7Pay’s website. Along with that, new registrations are also suspended for now.
However, it seems that this is an isolated incident for now. A representative of Japan’s Ministry of Economy, Trade and Industry has said that 7-Eleven didn’t follow standard security protocols/guidelines when developing the app, while two individuals have already caught using one of the hacked accounts. The authorities believe that they may be linked to a Chinese crime ring, but nothing is concrete as of yet.