7-Eleven Japan Co. experienced a massive data breach which affected around 900 customers. Following this, the company decided to temporarily close its mobile payment app named 7pay. The data leak cost the company a combined ¥55 million in damages ($510,000).
The privacy breach incident reportedly occurred after launching the 7pay mobile payment app last July 1, 2019.
According to Mobile Payments Today, 7-Eleven Japan Co. received an inquiry concerning unauthorized charges. Upon receiving the customer inquiry, the company reportedly conducted an immediate investigation.
Seven & i Holdings Co., the operator responsible for the attack, initially launched the program across 20,000 establishments in Japan.
Security Lapses
The 7pay app allows customers to pay for their goods upon showing a barcode on their smartphone, states ZD Net. Customers using the app will have their credit or debit cards charged accordingly once the cashier scans the barcode.
Based on the report published by ZD Net, the program contained security lapses. The application included a password reset function that “allowed anyone to request a password reset for other people’s accounts.” Once the hacker obtained control over the original user’s information, they can access the financial details of the bearer.
To access accounts, hackers only required the email address, date of birth, and the phone number of the account holder. The hackers allegedly accessed a number of accounts by impersonating the original user. Afterwards, the hackers also made unauthorized purchases on the cards linked to the accounts.
ZD Net reports that only a day after the launching of 7pay, the company received numerous complaints. Customers contacted the company, saying they cannot access their accounts. Some consumers took to Twitter to air their concerns.
Prompt Response
On July 3, 2019, 7-Eleven Japan Co. immediately closed the 7pay mobile payment system. The company also established a customer service support center. Affected or concerned individuals should call 0120-192-044.
Last July 4, 2019, Japan Today reports that authorities arrested two Chinese individuals linked to the breach. The two individuals reportedly tried to purchase electric cigarette cartridges using an ID and password of another customer.
In the statement released by the business, 7-Eleven Japan acknowledged a loss of ¥55 million ($510,000). The president of Seven Pay Co., Tsuyoshi Kobayashi, promises to compensate the damages to affected customers, reports Japan Today. It has also stopped accepting new users to its 7pay application.
Seven Pay will resume its 7pay service after ironing out the system.
