New York (The Verge) — 7-Eleven Japan shut down its mobile payment app after hackers stole $500,000 from users theverge.com/2019/7/6/20684….
On Thursday, 7-Eleven Japan suspended a recently-launched mobile payments feature on its 7Pay app after a flaw allowed a third party to make bogus charges on hundreds of customer accounts.
The company released the feature on Monday, July 1st: it allowed customers to scan a barcode with the app and charge a linked credit or debit card. However, the company received a complaint the next day: a customer noticed a charge that they didn’t make. The app had a flaw, according to Yahoo News Japan (via ZDnet). A hacker would only need to know a user’s date of birth, their email, and phone number, and could send a password reset request to another email address. The app also defaulted people’s birthdates to January 1st, 2019 in instances where they didn’t fill out the field, making it even easier for someone to break into an account.
Japanese authorities have since arrested two individuals attempting to use a hacked account, and believe that they might be connected to (or had been hired by) a Chinese crime ring known for using stolen identities online. — Andrew Liptak/@verge
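The reset flaw described above, sketched as an added example that is not part of the original report and is not 7-Eleven's code: the flow as reported beside a hardened version that mails the link only to the address on file and refuses to treat the placeholder birthdate as proof of identity. The `Account` type, function names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Placeholder the report says was stored when the birthdate field was left blank.
DEFAULT_DOB = date(2019, 1, 1)

@dataclass
class Account:  # hypothetical account record
    email: str
    phone: str
    dob: date

def reset_as_described(acct, email, phone, dob, send_to):
    """Flow as reported: three guessable fields authorize the reset and the
    link goes to whatever address the requester supplies."""
    if (email, phone, dob) == (acct.email, acct.phone, acct.dob):
        return send_to
    return None

def reset_hardened(acct, email, phone, dob, send_to=None):
    """Return the address the reset link is mailed to, or None for no mail."""
    if acct.dob == DEFAULT_DOB:
        # A value shared by every user who skipped the field proves nothing;
        # the caller should fall back to another verification channel.
        return None
    if (email.lower(), phone, dob) != (acct.email.lower(), acct.phone, acct.dob):
        return None
    # send_to is ignored on purpose: only the mailbox on file gets the link.
    return acct.email

# Constructed sample accounts, not real data.
skipped_dob = Account("user@example.jp", "09000000000", DEFAULT_DOB)
filled_dob = Account("user@example.jp", "09000000000", date(1990, 5, 17))

if __name__ == "__main__":
    req = ("user@example.jp", "09000000000")
    print(reset_as_described(skipped_dob, *req, DEFAULT_DOB, "other@example.net"))
    print(reset_hardened(skipped_dob, *req, DEFAULT_DOB, "other@example.net"))
    print(reset_hardened(filled_dob, *req, date(1990, 5, 17), "other@example.net"))
```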