Don't miss the latest stories
7-Eleven’s Careless App Design Has Thieves Pilfering US$500K Soon After Launch
By Mikelle Leow, 10 Jul 2019
Image via withGod / Shutterstock.com
The importance of thoughtful UI/UX design extends beyond aesthetics and convenience. If recent security scandals haven't brought this to light, 7-Eleven’s app might.
Due to the careless design of a new 7-Eleven mobile payment app in Japan, hundreds of customers have had an estimated ¥55 million (US$510,000) stolen from them, despite the app only debuting on 1 July.
A report by Yahoo Japan reveals that the thefts began within a day of the 7pay app’s release. Customers reported suspicious charges to their credit and debit cards soon after downloading the client.
Image via Ned Snowman / Shutterstock.com
It turns out that it was stupidly easy for hackers to access, and then use, the payment cards of 7pay users. Yahoo Japan cites that scammers simply had to enter a customer’s date of birth, email address and phone number to request a link for a password reset.
Even more shockingly, hackers found they could input any email address to receive a password reset link.
Customers who didn’t enter their birthdates were at higher risk of getting their accounts compromised, as the unspecified data would be set to 1 January 2019, making it easier for online thieves to get into their accounts.
7pay was launched by 7-Eleven parent company Seven & I Holdings Co. In Japan, the conglomerate owns Seven Bank, which is in charge of ATMs in 7-Elevens across the country, so it’s worth noting that the breach didn’t just involve convenience store payments.
According to the Japan Times, even the nation’s Ministry of Economy, Trade and Industry called out the 7-Eleven parent company on its negligence in abiding financial guidelines, adding that it failed to protect the security of customers.
In an official statement, Seven & I Holdings Co. confirms that third parties were able to access user accounts, and that about 900 customers were subjected to the vulnerabilities. All payments from debit and credit cards made through the app have since been halted.
The company assures that it will compensate customers for “all the damage,” and that investigations are underway to locate the cause of the thefts and, in turn, strengthen security measures.
The Japan Times additionally reports that Tokyo police have identified and arrested at least two men suspected of purchasing over US$6,000 worth of e-cigarette pods through illegal means in the 7pay app. The men are believed to be members of a cybercrime ring.
[via Gizmodo, images via Shutterstock]
More related news
Also check out these recent news