Approximately 900 customers of 7-Eleven Japan have collectively lost ¥55 million ($510,000) after hackers hijacked their 7pay app accounts and made illegal charges in their names.
The incident was caused by an appalling security lapse in the design of the company’s 7pay mobile payment app, which 7-Eleven Japan launched in the country on Monday, July 1.
The 7pay mobile app was designed to show a barcode on the phone’s screen when customers reach the 7-Eleven cashier counters. The cashier scans the barcode, and the bought goods are charged to the user’s 7pay app and the customer’s credit or debit cards that have been saved in the account.
However, in a mind-boggling turn of events, the app contained a password reset function that was incredibly poorly designed. It allowed anyone to request a password reset for other people’s accounts, but have the password reset link sent to their own email address, instead of to the legitimate account owner’s.
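The design flaw described above, next to a corrected handler, as an added example that is not 7pay's code: all function names, the in-memory stores and the sample account are hypothetical. The corrected handler ignores any address supplied in the request and mails a single-use, expiring token only to the address on record.

```python
import hashlib
import secrets
import time

# Constructed sample data (hypothetical): account id -> email on record.
ACCOUNTS = {"alice": "alice@example.com"}
OUTBOX = []        # (recipient, token) pairs standing in for sent mail
RESET_TOKENS = {}  # sha256(token) -> (account id, expiry timestamp)
TOKEN_TTL = 900    # seconds a reset token stays valid

def _issue(account_id, recipient, now):
    """Create a random token, store only its hash, and 'mail' it."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (account_id, now + TOKEN_TTL)
    OUTBOX.append((recipient, token))

def request_reset_flawed(account_id, delivery_email, now=None):
    """The flaw: the recipient is taken from the request itself."""
    now = time.time() if now is None else now
    if account_id in ACCOUNTS:
        _issue(account_id, delivery_email, now)

def request_reset_hardened(account_id, delivery_email=None, now=None):
    """Any client-supplied address is ignored; only the address on
    record receives the link. The caller gets the same response
    whether or not the account exists."""
    now = time.time() if now is None else now
    if account_id in ACCOUNTS:
        _issue(account_id, ACCOUNTS[account_id], now)

def redeem(token, now=None):
    """Return the account id for a valid token, else None.
    The token is deleted on first use and rejected after expiry."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```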