Friday, July 05, 2019

Japan 7-11 quick pay system "7-ID" and "7-PAY" hacked immediately after launch


Two Chinese suspects have been arrested in Tokyo’s Shinjuku neighborhood after they suspiciously spent over JPY200,000 (US$1,850) on electronic cigarettes using 7-Pay.
 
The 7-11 Japan's quick pay system "7-Pay" has been compromised just as it was launched on July1st 2019.
The app allowed customers to pay for items in 7-11 by swiping their phone, which would automatically deduct money from a linked bank account. User’s created a “7-ID” which stored their bank account information on the phone.
Within days of the “7-pay” app’s launch, hackers discovered a way to exploit the application.
By July 4, 7-11 had shut down all payments through the app, and suspended all new user applications for the 7-pay system. According to reports, the system’s password reset function was able to be easily exploited by hackers.
According to July 5 reports, around 900 user’s have had their financial data compromised, and approximately JPY55 million (US$ 510,000) has been stolen. 
IT Home reports that the reset password function only require someone’s mobile phone number, birthday, and any valid email address. By securing the most basic information of users, hackers were able to hijack the 7-ID account of users and obtain their bank account information. It was also reported that if users did not initially enter their birthday information, the system automatically assigned a date of Jan. 1, 2019 to the user, making it that much easier for hackers to access those accounts.
Via IT Home