Almost half a million euros were stolen from this insecure payment app

7pay, an insecure payment app

Electronic transactions make life easier. For a long time now, cash has not been necessary for most purchases and other kinds of payments and financial agreements. But although the benefits outweigh the dangers, we must beware of theft and scams, as well as insecure apps and payment platforms: just as attackers can hack various systems, they can bankrupt us if they gain access to the ones we use.

7-Eleven Japan is a chain of stores that has become very popular in Japan; in fact, it is the second most important in the Asian country. It launched a payment application just a few days ago to make purchases easier for its customers. Unfortunately, the app carried serious security flaws: it was totally vulnerable to malicious people who wanted to steal money from the platform and, therefore, from its clients.

7pay, the payment application that didn't even offer two-step authentication

7pay was a payment app launched on July 1 that, in essence, worked like any electronic wallet. It allowed customers to scan a barcode or QR code with the app and load a linked credit or debit card to pay for the product, easily and quickly. But the day after launch something went wrong: a user noticed a transaction that he had not made. Money had been deducted from his balance in the app, so he complained to the chain of stores. That was the beginning of the end.

But how could anyone fail to get into the account of a 7-Eleven app user, when only the user's date of birth, email and phone number were needed? With this data in hand, the hacker simply had to request a password reset, have the new password sent to a different email address, and thus access the customer's payments.

Even worse: if the thief did not know the person's date of birth, he simply had to enter January 1, 1999, the date set by default for any user who did not register their own at sign-up.
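The reset flow described above, modelled next to a hardened version. This is an added example, not 7pay's code (the article shows none); the function names, the in-memory account store and the sample account are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

DEFAULT_DOB = "1999-01-01"  # default the article says was stored when no date was given

@dataclass
class Account:
    email: str
    phone: str
    dob: str = DEFAULT_DOB

# Constructed sample account; this user never entered a date of birth.
ACCOUNTS = {"user@example.com": Account("user@example.com", "09000000000")}
OUTBOX = []        # (recipient, message) pairs standing in for a mail gateway
RESET_TOKENS = {}  # sha256(token) -> account email; expiry omitted for brevity


def reset_as_described(email, phone, dob, send_to):
    """Flow as the article describes it: knowing three personal facts is enough,
    and the reset goes to whatever address the requester names."""
    acct = ACCOUNTS.get(email)
    if acct and acct.phone == phone and acct.dob == dob:
        OUTBOX.append((send_to, "password reset link"))
        return True
    return False


def reset_hardened(email):
    """Hardened sketch: the caller cannot choose the destination, personal data
    is not treated as a secret, and the reply is identical for any input."""
    acct = ACCOUNTS.get(email)
    if acct:
        token = secrets.token_urlsafe(32)  # random, single-use
        RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = acct.email
        OUTBOX.append((acct.email, f"reset token: {token}"))  # registered address only
    return "If the account exists, a reset link has been sent."


def redeem(token):
    """Return the account a token belongs to and invalidate it; None if unknown."""
    return RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```

In the hardened version only a hash of the token is stored, so a leaked token table cannot be replayed, and the uniform reply does not reveal which email addresses are registered.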

Around 900 customers and users of the 7pay payment app were robbed. A total of about 55 million yen was taken from them, which is around 450 thousand euros or 500 thousand dollars, not inconsiderable figures.

To round off this sorry story, another security flaw that allowed the thieves to empty the application's accounts was the absence of a two-step authentication system. This is necessary to secure and shield accounts such as email, for example, or payment processors such as PayPal, Neteller, Skrill and many others.

7-Eleven Japan Store | AFP

Because of all this, the application was shut down less than three days after its launch, which was a total disappointment. But things will not end badly after all: customers affected by the massive theft will be compensated, according to the company itself. In addition, a support line will be set up to serve them as they deserve.

On the law-enforcement side, two Chinese nationals who appear to be involved in the mass theft were arrested. They tried to use one of the hacked accounts and are possibly linked to a Chinese criminal network known to use stolen identities online, since they received instructions from China through the Chinese instant messaging app WeChat.


This unfortunate development could, to some extent, have been predicted. In fact, a member of the Japanese Ministry of Economy, Trade and Industry told the company that it needed to strengthen its security and that it had not followed security guidelines, according to the Japan Times. This is not really surprising. We must bear in mind that we live in a world where computer security will always be at risk of being compromised, and even more so when money is involved.
