7-Eleven’s 7Pay Mobile Payments app Gets Hacked Within Days After its Launch

Whenever a new payment service is launched in any part of the world, there is some initial excitement. In most cases, such launches go off without a hitch. That was not the case for 7-Eleven’s new mobile payment service known as 7Pay. In Japan, hundreds of people have had money stolen through this service in the first few days after its launch. Not a good sign for the company, and another clear warning as to how new payment methods should be scrutinized rather than embraced during the initial launch. 

7Pay Launch Triggers a Frenzy

Very few countries around the world have seen a major uptake in terms of mobile payment solutions. In Japan, paying with a mobile device is an everyday occurrence, which means there is plenty of competition in this space. 7-Eleven decided to get in on the action by launching its own payment service known as 7Pay. It was met with a lot of initial excitement, as tens of thousands of people installed the application on day one. That also proved to be the beginning of a major issue for hundreds of Japanese users. 

The UX Hack / Bug

According to local sources, it appears unauthorized sources have been made on user accounts through the newly launched 7Pay service. It is believed affected customers lost an average of $600 per person, which quickly adds up to a ton of funds being stolen. The reason for this account breach is not hard to find, as 7-Eleven did not integrate two-factor authentication to verify a user’s identity. As such, criminals had a rather easy time to get a hold of user accounts and their associated login and password combination. 

More specifically, any account created through 7Pay could have their password reset. Unfortunately, it was possible for anyone to request a password reset for any account that ever existed. To top it all off, criminals could have the password reset instructions sent to a third-party email address, instead of the one linked to the account at that time. It is unclear why 7-Eleven ever assumed this was a smart business decision. Criminals also needed to know the victim’s email address, date of birth, and phone number. All of this information can easily be obtained through social media and whatnot. 

Metropolitan Police Get Involved

The vast majority of the hundreds of affected users decided to file an official complaint with the Metropolitan Police in Japan. Preliminary research seems to indicate the accounts were hacked by an “international criminal organization”, although no further information has been provided in this regard. Because a total of $510,000 was stolen from the affected users, it is now pertinent to recover the stolen money. When, if, and how that will happen exactly, remains unclear at this time. 

The Future of Mobile Payments in Japan

As one would expect, this news has dealt a pretty big blow to the mobile payments industry in Japan. Although 7Pay was not even able to become a major player in the industry, the security scare may force a lot of people to more traditional solutions which do not involve the use of a mobile phone. It is unclear if 7-Eleven’s app will return in Japan in the near future, as the service has been suspended altogether until further notice. 

Disclaimer: This is not trading or investment advice. The above article is for entertainment and education purposes only. Please do your own research before purchasing or investing into any cryptocurrency or digital currency.