On Thursday, 7-Eleven Japan suspended a recently-launched mobile payments feature on its 7Pay app after a flaw allowed a third party to make bogus charges on hundreds of customer accounts.
The company released the feature on Monday, July 1st: it allowed customers to scan a barcode with the app and charge a linked credit or debit card. However, the company received a complaint the next day: a customer noticed a charge that they didn’t make. The app had a flaw, according to Yahoo News Japan (via ZDnet). A hacker would only need to know a user’s date of birth, their email, and phone number, and could send a password reset request to another email address. The app also defaulted people’s birthdates to January 1st, 2019 in instances where…
from The Verge – All Posts https://ift.tt/2NDNZlV