With everything going online, net banking and online payments have become a daily need for every person. The 7Pay app has recently launched a payment app called 7-Eleven, allowing the users to make their online shopping a bit easier. However, a recent case of theft of approx. $500,000 from the user’s account has caused the app to shut down.
The theft was caused due to a recent feature added in the app. Previously, the app had a flaw which allowed the third party to charge extra money on the customer accounts. To solve that problem, the company added another feature on the 1st of July which allows the customer to scan a barcode with the app and then make payment through the linked debit or credit card.
After the release of the feature, there were several complaints from the next day onwards. It seemed that the app had a flaw as the customers noticed some charges which were made through their accounts, which they have not initiated, as stated by Yahoo News Japan. The flaw allowed hackers to steal money from the customer’s account easily.
It seemed that the hacker would just need the user’s date of birth, email id and phone number after which they could reset the password by sending the reset request to another email address. After resetting the password, they can easily log in to the user account and make any transaction. If by mistake, a person has not filled the date of birth, the app would automatically mark the date of birth as 1st January 2019, making it a lot easier for anyone to hack into the account.
Because of that flaw, the hackers were able to steal 55 million from various user accounts. It was found that around 900 users were targeted by the hackers, from whom they have stolen money. For now, 7-Eleven has suspended the feature and is not allowing any new user to link their debit or credit cards until the issue is resolved.
According to the latest news, the app has stopped charging linked cards and has even posted a warning on the website stating about the 7Pay’s new feature and its flaws. It has been assured that the users, whose accounts were hacked, would get compensation from the company and even a support line would be set up.
The company has also received a warning from a member of Japan’s Trade and Industry, after the incident, telling the company to heighten its security line and also that the company needs to follow the security guidelines set up by the government. It has also been found that two hackers were arrested, who were attempting to hack into an account.
These two hackers might have some clue or link with those who hacked into the 7Pay user’s account and have stolen $500,000. The users can only be advised to take precaution before giving in any personal details and to only trust the online payment apps which are known best for their security.