7-Eleven Japan recently released a new feature on their 7payments app. This feature allowed users to make mobile payments by scanning a barcode on the app and it would charge the linked credit or debit card. But they had to suspend this new feature on Thursday.
7-Eleven Japan suspended their new feature because hackers stole $500,000 from customers. They realized something was wrong when a customer complained that there were charges on her account that she did not make. According to Yahoo News Japan, the app had a huge flaw that created this hacking easy. Hackers only needed a user’s email, phone number, and birthdate in order to send a reset password link to a different email. For users that did not fill out the birthdate part of their account, the app would automatically default it to January 1st, 2019, this made it even easier for hackers.
Over 900 users had their accounts targeted in this automated attack. A total of $500,000 was stolen. The feature has been suspended and is no longer charging linked cards and stopped registering new customers. 7-Eleven Japan also posted a warning on their website. The company will also compensate the users who were hacked as well as set up a support line.
The company was told by a member of Japan’s Ministry of Economy, Trade and Industry, that they need to better their security and that they were not following the proper security guidelines. Two individuals who tried to use a hacked account were arrested by Japanese authorities. They believe they may be connected to the hackings.