Security Japan

7-Eleven Japanese Customers Lose $500,000 Due To Mobile App Flaw (zdnet.com) 67

Approximately 900 customers of 7-Eleven Japan have lost a collective of $510,000 after hackers hijacked their 7pay app accounts and made illegal charges in their names. From a report: The incident was caused by an appalling security lapse in the design of the company's 7pay mobile payment app, which 7-Eleven Japan launched in the country on Monday, July 1. The 7pay mobile app was designed to show a barcode on the phone's screen when customers reach the 7-Eleven cashier counters. The cashier scans the barcode, and the bought goods are charged to the user's 7pay app and the customer's credit or debit cards that have been saved in the account. However, in a mind-boggling turn of events, the app contained a password reset function that was incredibly poorly designed. It allowed anyone to request a password reset for other people's accounts, but have the password reset link sent to their email address, instead of the legitimate account owner.
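
An added sketch (not 7pay's code and not from the report) of the reset design described above beside a corrected one that only ever mails the address on file. The account fields, the `pay.example` URL, the in-memory stores and all function names are assumptions made for illustration.

```python
import hashlib, secrets, time

# Constructed sample account; every value here is made up for illustration.
ACCOUNTS = {"user-1": {"email": "owner@example.com", "phone": "09000000000",
                       "birth_date": "2019-01-01"}}
OUTBOX = []          # (recipient, link) pairs stand in for a mail gateway
RESET_TOKENS = {}    # sha256(token) -> (account_id, expiry timestamp)
TOKEN_TTL = 15 * 60  # seconds a reset link stays valid

def _issue_link(account_id):
    # Random token; only its hash is stored server-side.
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (account_id, time.time() + TOKEN_TTL)
    return "https://pay.example/reset?token=" + token

def _find(phone, birth_date):
    for account_id, acct in ACCOUNTS.items():
        if acct["phone"] == phone and acct["birth_date"] == birth_date:
            return account_id
    return None

def reset_flawed(phone, birth_date, send_to):
    """The design described above: the requester chooses where the link goes."""
    account_id = _find(phone, birth_date)
    if account_id is None:
        return "no such account"
    OUTBOX.append((send_to, _issue_link(account_id)))
    return "sent"

def reset_hardened(phone, birth_date, send_to=None):
    """Link goes only to the address on file; send_to is ignored."""
    account_id = _find(phone, birth_date)
    if account_id is not None:
        OUTBOX.append((ACCOUNTS[account_id]["email"], _issue_link(account_id)))
    # Same reply whether or not the account exists, so the endpoint
    # does not confirm which phone/birth-date pairs are registered.
    return "if the account exists, a link was sent to its registered address"

def redeem(token):
    """Single-use, time-limited redemption; returns the account id or None."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    account_id, expiry = RESET_TOKENS.pop(digest, (None, 0))
    return account_id if time.time() < expiry else None
```

The hardened path treats the registered e-mail address as the only delivery channel, so knowing someone's phone number and birth date is not enough to receive their reset link.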

  • by Reaper9889 ( 602058 ) on Friday July 05, 2019 @09:08AM (#58877124)

    I hope this does not somehow influence their ATMs: Most ATMs in Japan do not accept Western credit/debit cards, EXCEPT 7Elevens ATMs.

    • by _merlin ( 160982 )

      Citibank ATMs accept foreign MasterCard and Visa. 7eleven ATMs stopped accepting MasterCard in 2012 IIRC (but continued to accept Visa).

    • Almost all ATMs accept western debit cards now. I can't think of one that failed since I got my chipped ATM card.
      • by Guspaz ( 556486 )

        Canadian cards worked fine when I was there years ago, but we've had chips for a long time.

  • by Anonymous Coward

    It allowed anyone to request a password reset for other people's accounts, but have the password reset link sent to their email address, instead of the legitimate account owner.

    I'm sorry, but why do people keep trusting every company who has a payment app with their money?

    Pay with a bank, and you have legal protections ... hook up a bloody app to your card which can siphon money off, and it's an authorized transaction that you're stuck with.

    All of these fucking apps that want to inject themselves into your

    • by ZorinLynx ( 31751 ) on Friday July 05, 2019 @09:29AM (#58877238) Homepage

      >why do people keep trusting every company who has a payment app with their money?

      Or at the VERY LEAST set up these apps so you have to push money TO the app from your bank, rather than let the app pull money FROM your bank any time it wants to.

      The Starbucks app is like that. Balance running low? You can add money using a secured Apple Pay transaction. I'd never give it my actual bank account details.

      I have very few things connected directly to my bank account. I'd much rather push payments than have them pulled. Too much can go wrong with ACH pulls.

      • The Starbucks app is like that. Balance running low? You can add money using a secured Apple Pay transaction. I'd never give it my actual bank account details.

        It's worth noting that Starbucks does try to get you to enroll in their auto-refill program.

        One app that does it right is from Specialty's Cafe & Bakery [specialtys.com]. As with Starbucks, you can order through the app and accrue rewards - but you don't need to keep a running balance (with Starbucks you're basically giving them money they can collect interest on). When you submit the order, you pay using Apple Pay (I assume on Android you can use their wallet).

        Now, if only Specialty's would integrate their inventory in

  • Cash ONLY (Score:2, Informative)

    by Anonymous Coward
    I have no sympathy for people that use their phone to transact money. I will only use cash or a physical credit or debit card. Phones are insecure, easy to lose, and hackable. And once someone is in, it's likely they will be able to infest the rest of your connected accounts. People that use phones for everyday transactions when cash is more than adequate deserve what they get.
  • Seven or eleven? Come on!

  • Are soon parted!

    Not seeing the down side here. Morons being fleeced for being stupid.

    I say we just take all the warning labels off and let the problem take care of itself!

  • WTF (Score:5, Interesting)

    by Ecuador ( 740021 ) on Friday July 05, 2019 @09:27AM (#58877228) Homepage

    I've never heard of a password reset form that allows you to enter an alternate email before, that's got to be a first!
    The "security" was that you also needed the phone number and the birth date. These are obviously already easy to acquire, but to make it extra-easy when you signed up the birth date was apparently optional (in which case it defaulted to Jan 1, 2019).
    The service launched July 1st and was disabled in 2 days. I'd like to know what geniuses designed/tested/approved this.

    • The designer was probably one of those that goes through email addresses like changing clothes, so figured it would be a useful idea. Those that have had the same email for decade(s) know better.
      • by tomhath ( 637240 )

        The designer was probably one of those that goes through email addresses like changing clothes

        More likely a self-taught "web programmer" who doesn't understand databases and has no idea how to program anything except calls to some framework API, so he just prompted for the email address.

  • by AndyKron ( 937105 ) on Friday July 05, 2019 @09:36AM (#58877276)
    Free Slurpees!
  • by currently_awake ( 1248758 ) on Friday July 05, 2019 @09:36AM (#58877280)
    The story describes this as theft from the customers using the App, but it actually looks like the company that runs the App lost money due to fraud. I think a good lawyer could force the company to pay for this.
  • Why in the world would you install an app for 7-11 on your phone?

    Most apps are little more than shitty wrappers around a crappy website, but who the hell needs an app for 7-11? Is it for pre-ordering a Slurpy or a crusty 5-day old hotdog?

    Seriously- WTF does an app for 7-11 do that you'd feel it was important enough to install on your phone?

    (For non-Americans, 7-11 is a shitty chain of convenience stores that sells snacks and other miscellaneous crap. The need for an app for 7-11 is baffling to me. It's lik

    • Re:Why why why (Score:4, Interesting)

      by Zontar_Thing_From_Ve ( 949321 ) on Friday July 05, 2019 @10:19AM (#58877518)

      Why in the world would you install an app for 7-11 on your phone?

      Most apps are little more than shitty wrappers around a crappy website, but who the hell needs an app for 7-11? Is it for pre-ordering a Slurpy or a crusty 5-day old hotdog?

      I am amazed that I have to explain this, but since your comment was echoed by a lot of similar posts, I will. Ever installed the Starbucks app on your phone? Short answer - that's why people want a 7/11 app.

      Longer answer - The Starbucks app lets you deposit money into the app. I use PayPal but you can use a credit card if you prefer. I place my order, they scan my app's bar code, the money gets deducted from the app and I get credit for the order with the app. I get enough credits, Starbucks gives me free stuff. I have to manually put more money into the app. It doesn't refill unless I choose to put more money in. It's convenient because I'm not having to find cash or a credit card. Just use the app - boom - you're done. So it's not difficult to assume that 7/11 probably has some kind of reward program where you buy enough stuff through the app, you get free stuff in the store. I have no idea why this is so difficult for so many of you to understand.

      • I am amazed that I have to explain this, but since your comment was echoed by a lot of similar posts, I will. Ever installed the Starbucks app on your phone?

        No.

      • Ever installed the Starbucks app on your phone? Short answer - that's why people want a 7/11 app.

        Nope. I know people that have, but not me.

        Longer answer - The Starbucks app lets you deposit money into the app. I use PayPal but you can use a credit card if you prefer. I place my order, they scan my app's bar code, the money gets deducted from the app and I get credit for the order with the app. .............

        Okay, fair enough- that seems like a logical reason for someone to install a Starbucks or 7-11 app on their phone.

        I have no idea why this is so difficult for so many of you to understand.

        This may come as a shock, but not all of us have the same life experiences and preferences as you, which is why the idea of a 7-11 app seemed odd to me. Like the Starbucks app, that makes sense to me if you're a regular Starbucks customer. I never thought of 7-11 as a place I'd go often enough to want to have an account with them, but if it works for you

    • Re:Why why why (Score:4, Informative)

      by wired_parrot ( 768394 ) on Friday July 05, 2019 @10:21AM (#58877532)
      You have obviously never been to Japan. Japanese convenience stores have very little in common with American convenience stores. This article [bbc.com] explains it better than I could. It's a whole different cultural experience - they stock a lot more variety and better choices than American 7-11s, with bento boxes, noodles and pancakes among the offerings. You won't find slurpies in a Japanese 7-11.
      • You have obviously never been to Japan. Japanese convenience stores have very little in common with American convenience stores.

        1) That's true, I've never been to Japan. All over SE Asia but never Japan.

        2) Also, and more to the point, I don't really give a shit what convenience stores do in Japan.

        • 1) That's true, I've never been to Japan. All over SE Asia but never Japan.

          Then why would you think non-Americans don't know what 7-11 is? It is the main chain convenience store in Thailand.

          It is way more likely that a random person in SE Asia can give you directions to the nearest 7-11 than it is for them to speak English.

    • 7-11 has a loyalty card program. Accumulate enough points after each purchase, you can get free food items. Buy a coffee six times, the seventh coffee is free. A recent promotion was six purchases in a month to get 5,000 points. In addition to hot dogs, they also have hot wings, pizza, breakfast sandwiches, and fresh fruits.
      • 7-11 has a loyalty card program. Accumulate enough points after each purchase, you can get free food items. ... In addition to hot dogs, they also have hot wings, pizza, breakfast sandwiches, and fresh fruits.

        No offense, but if I was eating at 7-11 often enough to be earning free food I'd be reevaluating my life choices trying to figure out where I went wrong and wondering why the fuck I was eating at 7-11.

    • It probably gave you a discount when you installed the app.
  • by LynnwoodRooster ( 966895 ) on Friday July 05, 2019 @10:49AM (#58877692) Journal
    Free Slurpies for All!
  • At least in the states this is what makes credit cards so popular. At most you're on the hook for $70 bucks or so and 99% of cards waive it.

    Mind you, that's only because we got laws passed. When you swipe that card for a coffee you're borrowing money, and the idea is that if a company loans money to somebody other than you by mistake then that's their problem, not yours.
  • This is very disturbing considering that 7/11 owns one of the most prolific banks in Japan ... you would think they would use similar security measures for their apps. https://en.wikipedia.org/wiki/... [wikipedia.org]
