7-Eleven's Bad App Design Let Criminals Steal More Than $500,000
upstart writes:
Submitted via IRC for AnonymousLuser
7-Eleven's Bad App Design Let Criminals Steal More Than $500,000
Hundreds of 7-Eleven customers who downloaded a new mobile payment app in Japan were robbed out of hundreds of thousands of dollars due to some staggeringly idiotic security lapses in the app.
Yahoo Japan reports that 7-Eleven Japan released the 7pay app on July 1, and within a day customers started complaining about suspicious charges to their linked payment cards. On July 3, the company confirmed accounts could be accessed by third parties and announced it would stop charging credit and debit cards through the app.
According to the Yahoo report, hackers simply needed to input a customer's birthdate, phone number, and email address to request a password reset link. But it seems that a hacker could even request that the reset link be sent to whatever email address they wanted. It also seems that if a customer hadn't entered a birthdate, then the app would default to January 1, 2019, which would make it even easier for a fraudster to gain access.
Also at:
https://techbeacon.com/security/7-elevens-7pay-app-hacked-day-due-appalling-security-lapsehttps://www.engadget.com/2019/07/06/7-eleven-japan-app-security-loss/
Read more of this story at SoylentNews.