7-Eleven's Bad App Design Let Criminals Steal More Than $500,000

Accepted submission by upstart at 2019-07-09 05:49:06

Submitted via IRC for AnonymousLuser

Hundreds of 7-Eleven customers who downloaded a new mobile payment app in Japan were robbed of hundreds of thousands of dollars due to some staggeringly idiotic security lapses in the app.

Yahoo Japan reports that 7-Eleven Japan released the 7pay app on July 1, and within a day customers started complaining about suspicious charges to their linked payment cards. On July 3, the company confirmed accounts could be accessed by third parties and announced it would stop charging credit and debit cards through the app.


According to the Yahoo report, hackers simply needed to input a customer’s birthdate, phone number, and email address to request a password reset link. But it seems that a hacker could even request that the reset link be sent to whatever email address they wanted. It also seems that if a customer hadn’t entered a birthdate, then the app would default to January 1, 2019, which would make it even easier for a fraudster to gain access.
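The reset flaw described above, next to a hardened flow, as an added example that is not from the article or from the 7pay code base. The account fields, function names, sample values and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample account store; every value here is made up.
ACCOUNTS = {"user@example.com": {"phone": "09000000000", "birthdate": "2019-01-01"}}
DEFAULT_BIRTHDATE = "2019-01-01"  # the default the article reports for a blank birthdate
TOKEN_TTL = 900                   # assumed lifetime: 15 minutes
GENERIC_REPLY = "If the account exists, a reset link was sent."

def reset_weak(email, phone, birthdate, send_to):
    """Flawed flow as reported: guessable facts act as the credential and
    the requester chooses where the reset link is delivered."""
    acct = ACCOUNTS.get(email)
    if acct and acct["phone"] == phone and acct["birthdate"] == birthdate:
        return send_to  # link leaves the account owner's control
    return None

_tokens = {}  # sha256(token) -> (email, expiry); the raw token is never stored

def reset_hardened(email, now=None):
    """Deliver only to the address on file and answer identically whether
    or not the account exists. Returns (reply, outbox)."""
    now = time.time() if now is None else now
    outbox = []
    if email in ACCOUNTS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        _tokens[digest] = (email, now + TOKEN_TTL)
        outbox.append((email, token))  # destination is the stored address
    return GENERIC_REPLY, outbox

def redeem(token, now=None):
    """Single-use, time-limited redemption; returns the account email or None."""
    now = time.time() if now is None else now
    entry = _tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```

In the hardened flow, birthdate and phone number play no part in authorizing the reset; control of the registered mailbox does.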

According to 7-Eleven parent company Seven & I Holdings Co., 900 people were affected by the screw-up and about ¥55 million (a little more than $500,000, depending on exchange rates) was collectively stolen. “We will compensate for all the damage to the customers who suffered from this matter,” a translated version of the company’s statement reads. “We will thoroughly investigate the cause of this issue and plan improvement measures for a drastic solution.”

While U.S. residents may not expect much from a 7-Eleven payment app, the poor design is surprising considering 7-Eleven Japan’s parent company also owns Seven Bank, which operates ATMs at 7-Eleven stores throughout the country.

The Japan Times reports that the Japan Ministry of Economy, Trade and Industry decided that Seven & I Holdings Co. failed to follow proper financial guidelines and did not make sufficient effort to protect customers’ security.
