The Japanese-US supermarket chain 7-Eleven had to suspend its new application for payments in its stores, launched less than a week ago, due to serious design errors that had allowed hackers to steal almost 450 thousand euro from 900 customers. The app, called 7Pay, was made available to customers on July 1st and allowed them to pay in supermarkets by scanning a barcode linked to a credit card. The password recovery system, however, was poorly designed: knowing a user's date of birth, email and telephone number was enough to request that a new password be sent to an email address other than the one given at the time of registration. In addition, the app set a default date of birth of January 1, 2019 if no date was given at sign-up, making the hackers' work even easier.
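The recovery flaw described above, next to a corrected flow, as an added Python example (not 7-Eleven's code). The sample account, the `send_to` field name, the function names and the token lifetime are assumptions made for illustration.

```python
import secrets
import time
from datetime import date

DEFAULT_DOB = date(2019, 1, 1)   # placeholder birth date reported in the article
TOKEN_TTL = 15 * 60              # assumed token lifetime, in seconds

# Constructed sample account; all values are made up for illustration.
ACCOUNTS = {"user@example.com": {"dob": DEFAULT_DOB, "phone": "0900000000"}}
TOKENS = {}                      # token -> (registered email, expiry time)


def reset_vulnerable(req):
    """Flow as described: three known facts, then a requester-chosen mailbox."""
    acct = ACCOUNTS.get(req["email"])
    if not acct or (acct["dob"], acct["phone"]) != (req["dob"], req["phone"]):
        return None
    return req.get("send_to") or req["email"]   # flaw: destination is caller input


def reset_hardened(req, now=None):
    """Issue a single-use token for delivery to the registered address only.

    Birth date and phone number are not treated as secrets, and any
    'send_to' field in the request is ignored. Returns (address, token),
    or None for an unknown account. The token is meant to be mailed to
    the address, never shown to the requester.
    """
    now = time.time() if now is None else now
    email = req["email"]
    if email not in ACCOUNTS:
        return None              # the caller should answer identically either way
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (email, now + TOKEN_TTL)
    return email, token


def redeem(token, now=None):
    """Return the account email for a valid token; each token works once."""
    now = time.time() if now is None else now
    email, expiry = TOKENS.pop(token, (None, 0))
    return email if email and now <= expiry else None
```

In the corrected flow, control of the registered mailbox is the only proof of identity, so a guessable or default birth date no longer matters.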
Following the first reports of unauthorized transactions from customers, 7-Eleven investigated the situation and discovered that the problem had affected at least 900 subscribers to the app, which was therefore suspended. The company has pledged to reimburse customers and has been criticized by the Japanese Ministry of Economy for carelessness in managing the app. Two people suspected of carrying out some of the unauthorized transactions were arrested.