Two Chinese Men: Japanese authorities announced the arrest of two Chinese men over the weekend in connection with the compromise of the 7Pay app. 7Pay was launched early last week by 7-Eleven’s Japanese business as a way for customers to purchase items in stores. Within days of the app’s release, customers began complaining about fraudulent charges. The hackers were able to take control of user’s accounts through a poorly-designed password reset feature. The attackers only required a user’s email, birth date, and phone number to initiate a password reset, and could then choose to have the reset email sent to a different email. The attackers were able to utilize data exposed during older data breaches to test against the 7Pay app until they found accounts which matched and then initiate a password reset to take over the account. Approximately 900 customers were affected, according to a statement from the company and fraudulent charges totaled $506,000. The mobile payment app has since been suspended until the security of the application can be improved.
Analyst Notes
Even though the hackers behind the attacker are Chinese nationals, it is unlikely that there are any ties to the Chinese government.
