7-Eleven Japanese customers lose $500,000 due to mobile app flaw [www.zdnet.com]
7-Eleven Japan customers lost $500,000 in 7pay password exploit [www.businessinsider.com]
Seven-Eleven mobile pay hack hits Japan's drive to go cashless [asia.nikkei.com]
7-Eleven Japan shut down its mobile payment app after hackers stole $500,000 from users [www.theverge.com]
Government urges Seven-Eleven Japan to beef up security after 7pay mobile payment fraud [www.japantimes.co.jp]
Japan's 7-Eleven customers lose $500k in BASIC security flub [www.slashgear.com]
7-Eleven Japan's weak app security led to a $500,000 customer loss [www.engadget.com]
“A hacker only needed a 7pay user's email address, DOB & phone number. An additional field in the password reset section allowed the hacker to request that the password reset link be sent to a third-party email address (under the hacker's control)” https://t.co/rDL9MGTw7R
— Troy Hunt (@troyhunt) July 6, 2019
Amazing, 7 Eleven launch mobile payment app: a day after launching it attackers stole half a million USD from customers, as the app had no security around password reset (any user could reset anybody else’s password) https://t.co/EyBrcFYMlL
— Kevin Beaumont (@GossiTheDog) July 4, 2019
You had one job https://t.co/Z6WlRUjIMB
— Mike Dudas (@mdudas) July 7, 2019
7-Eleven Japan launched a mobile payment app with a password reset feature that allowed sending the link to a new email address & only needed user's email address, DOB & phone number.
So far hackers have stolen $510,000 from users in less than a week. https://t.co/Dwj4JlJIvy
— Dare Obasanjo (@Carnage4Life) July 6, 2019
I imagine an internal conversation prior to prod deployment went something like this:
Dev: "This app deals with financial transactions, we should have a pentest to ensure it's safe."
PM: "We don't need a pentest, Joe ran a vuln scan and it was clean!" https://t.co/fXq7sADnjy
— vortex (@vortexau) July 5, 2019
7-Eleven Japanese customers lose $500,000 due to mobile app flaw. https://t.co/vvVJQKH8mI
— Ninja Economics (@NinjaEconomics) July 6, 2019
ZDNet has properly published an article calling it a "flaw in the design of the password reset function". https://t.co/DT1b6Z42cj
— Morihiro Ryu (@garyu) July 6, 2019
Seven-Eleven mobile pay hack hits Japan's drive to go cashless https://t.co/yeocRcQ0QO
— Nikkei Asian Review (@NAR) July 6, 2019
Seven-Eleven mobile pay hack hits Japan's drive to go cashless https://t.co/UX6lBhpHdS
— TokyoReporter (@tokyoreporter) July 7, 2019
Seven-Eleven mobile pay hack hits Japan's drive to go cashless https://t.co/dh8OQqwhWc (Nikkei Asian Review)
— Hikosaemon (@hikosaemon) July 6, 2019
7-Eleven Japan shut down its mobile payment app after hackers stole $500,000 from users https://t.co/hYeXgEbGml
— The Cyber Security Hub (@TheCyberSecHub) July 7, 2019
7-Eleven Japan shut down its mobile payment app after hackers stole $500,000 from users - The Verge https://t.co/HWTsN1xgD9
— すまほん!! (@sm_hn) July 7, 2019
7-Eleven Japan shut down its mobile payment app after hackers stole $500,000 from users https://t.co/Q9Rl1wUKfR pic.twitter.com/rU7QBu1MVg
— The Verge (@verge) July 6, 2019
The Seven-Eleven 7pay matter has been written up in The Verge. https://t.co/gpIwOfiKRK
— 遠藤諭 / 元月刊アスキー編集長 (@hortense667) July 7, 2019
So the 7pay problem is making the news at The Verge and Engadget US too… https://t.co/Zrp63kbGxN https://t.co/t1aZU6aS2B
— Takeru (@takeru0204) July 7, 2019
7-Eleven Japan customers lost $500,000 through fraudulent use of 7pay passwords https://t.co/ow5ljVIeUP
— editoy (@editoy) July 8, 2019
7-Eleven Japanese customers lose $500,000 due to mobile app flaw
Hackers exploit 7-Eleven's poorly designed password reset function to make unwanted charges on 900 customers' accounts. https://t.co/ZI7nxL43ga https://t.co/bE6li3jgvO pic.twitter.com/wgNg3V47fR
— 김진욱 (@wugeej) July 5, 2019
Hacking 7-Eleven https://t.co/5ng8ddCg58
— Pandaily (@thepandaily) July 8, 2019
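7-Eleven Japan launched a mobile payment service and then withdrew it within a week; the reason is that, because of a flaw that let anyone who knew a user's date of birth, email address and phone number reset the password to *a different email*, Chinese hackers made off with nearly 600 million won just one day after the service launched... https://t.co/psCLalQlxs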
— 이주형 (쿠도군) (@KudoKun_) July 8, 2019
7-Eleven Japan's weak app security led to a $500,000 customer loss https://t.co/Y2b2cwo2C3 pic.twitter.com/EHt9o7CVqc
— #AI (@AI__TECH) July 7, 2019