The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
Gov't urges 7-Eleven to take preventive measures after 7pay fraud
TOKYO
© KYODO
©2024 GPlusMedia Inc.
21 Comments
Chip Star
More urging instead of demanding and fining. The Japanese government is as useful as reproductive organs on Catholic priests.
Do the hustle
So, the government is ‘urging’ 7/11 to take more care. I am ‘urging’ the government to introduce the direct debit system that ‘modern’ countries have been using for nearly half a century.
nandakandamanda
This government advice is about as useful as my wife telling me to be more careful after the car gets stolen. Adding insult to injury.
Speed
I wish Japanese banks twenty years ago had pushed to have debit cards usable in most places like they do in the US.
Bank cards are a lot more secure than these retail pay cards and you wouldn't have to get a different one for every frickin business.
Mlodinow
Other news sources are saying the password reset system could be used to send a password reset to an email of the hacker's choosing, and the hacker could then perform the reset using (in many cases) publicly accessible information such as date of birth.
Quite unbelievable that such a high profile company can mess up something simple like a password reset.
Side gripe: Also unbelievable that many Japanese companies don't allow users to include alphanumeric symbols (#$@* etc) in passwords. Cyber-security seems to be a joke in most Japanese companies. It wouldn't have prevented this hack it seems, but I'm sure many people get hacked every day because of it.
Ascissor
You'd have thought that they'd have preventive measures already?
gogogo
The story makes no sense, were the accounts hacked? Did the Chinese guys use fake IDs? How did they steal from 900 customers when they are only talking about 1 ID... sounds like a bunch of mismanagement.
jiji Xx
just in case they hadn't figured it out already? 「(°ヘ°)
therougou
As already mentioned, the password reset system is the most likely source, but with such poorly written software it's very possible the system had other vulnerabilities as well. I can tell you from experience the Chinese hackers are constantly bombarding Japanese (and probably other) shopping sites looking for weaknesses. When such an attack occurs the IP address is almost always from China. So no, it doesn't have to be an inside job or malware download.
Yes, I remember pretty recently a password of 4-8 characters with no symbols was the standard Japanese password, lol. Even Mitsui Sumitomo Visa Card had that restriction. The problem is Japanese companies copy the work of other Japanese companies instead of looking at English sites that have put more thought into their design and security.
englisc aspyrgend
Amusing that bank debit cards are not in universal use in Japan. At least the ones I have experience of have fairly tight security (nothing is perfect) so if Japanese banks follow the same protocols they should be a far better solution both for security and customer convenience.
Omachi
From other sources I understand that as many as 900 accounts were used illicitly, which to me begs the question of how the IDs and passwords were disclosed. They may have been hacked, but they may have been sold by an inside source.
jiji Xx
smart move on the crims' part... 146 CARTONS of electronic cigarette cartridges .... "no guv, they're for my personal use; I'm a heavy vaper".... who are these people.... (⌒▽⌒)
garypen
I'm sure this government urging will do the trick.
Otherwise, they might be forced to urge them a second time.
Silvafan
LOL!
Like, I said all along:
They just arrested a female Chinese part-time worker at 7-Eleven. She helped the "hackers" commit the crime.
@AlexEinz
Ha! Security expert......right!
Alex Einz
no it doesn't involve inside or physical hack... it's extremely widespread to get id details, cc details are widely hacked and available and so on.. just go to proper hacking forums and you see... the thing is, most of these credit or financial companies don't have any actual enticement to really improve their security... it's 2019 and they only now started doing proper 2fa / hardware token for banking.. and the mobile apps have practically zero security... , instead they just drop a percentage to insurance and it's well easier than upgrading their systems
Silvafan
People who deal in data on hacking forums obtain that information through people who actually had inside or physical access. Almost all of the cases of hacking in Japan have been through physical or inside hacking. The credit card scam a few years ago involved the gang purchasing South African CC#'s, which was shown to be an inside job.
Just because you see the final product (stolen data) doesn't mean you understand all the steps in the chain. Most real hacking involves a physical or inside component to the hack. Even malware and viruses need the victim to willingly agree to download the files (inside).
Alex Einz
yes if you define trojan as having physical access, you are technically right, yet today with available zero exploits all you would need to do is open a browser.. it even could be your familiar porn website... which was hacked and malware injected ... especially that lovely WordPress so many websites use is hacked daily.
Silvafan
Common sense would tell you that the easiest methods will always be the most common. The most common type of hacking is low-tech because not everyone has the resources of large teams or whole countries to support them while spending months to plan their hack.
Does anyone here know the most common hacks in Japan?
1) Ore, Ore phone calls (Social Engineering). You need to call the target, and you need to pick up the cash, usually in person because fewer cameras.
2) Credit card skimming (Either with device set up somewhere or carrying a chip reader). You need to be in proximity for both.
Both are low-tech and require physical access or inside access.
Real hackers simply sell the info to nefarious types because it is safer. If these two guys purchased the information online it still doesn't disprove that the original hackers acquired the information through a low-tech hack.
Silvafan
Most likely it was an inside job or physical hack. Most real world hacking involves having some kind of physical access to the machines or people being targeted. It really isn't like the movies where you see some socially awkward person hidden in a basement thousands of miles away with several computer screens running data too fast for the human eye to actually read.
I wouldn't call two people a criminal hacking gang. It is more like two folks living in Japan trying to make a fast buck because the fast food and convenience store jobs you get while enrolled in a language school ain't cutting.
yoshi
International hacking gangs are terrible. Is there a perfect way to prevent their crimes?