Gov't urges 7-Eleven to take preventive measures after 7pay fraud

More urging instead of demanding and fining. The Japanese government is as useful as reproductive organs on catholic priests.

So, the government is ‘urging’ 7/11 to take more care. I am ‘urging’ the government to introduce the direct debit system that ‘modern’ countries have been using for nearly half a century.

This government advice is about as useful as my wife telling me to be more careful after the car gets stolen. Adding insult to injury.

I wish Japanese banks twenty years ago had pushed to have debit cards usable in most places like they do in the US.

Bank cards are a lot more secure than these retail pay cards and you wouldn't have to get a different one for every frickin business.

From other sources I understand that as many as 900 accounts were used illicitly, which to me begs the question of how the IDs and passwords were disclosed. They may have been hacked, but they may have been sold by an inside source.

Other news sources are saying the password reset system could be used to send a password reset to an email of the hackers choosing, and the hacker could then perform the reset using (in many cases) using publicly accessible information such as date of birth.

Quite unbelievable that such a high profile company can mess up something simple like a password reset.

Side gripe: Also unbelievable that many Japanese companies don't allow users to include alphanumeric symbols (#$@* etc) in passwords. Cyber-security seems to be a joke in most Japanese companies. It wouldn't have prevented this hack it seems, but I'm sure many people get hacked every day because of it.

You'd have thought that they'd have preventive measures already?

The story makes no sense, were the accounts hacked? Did the chinese guys use fake ID's? How did they steal from 900 customers when they are only talking about 1 ID... sounds like a bunch of mismanagement.

The industry ministry on Friday told the operator of Seven-Eleven convenience stores in Japan its mobile payment service was not secure enough

just in case they hadn't figured it out already? 「(°ヘ°)

As already mentioned, the password reset system is the most likely source, but with such poorly written software it's very possible the system had other vulnerabilities as well. I can tell you from experience the Chinese hackers are constantly bombarding Japanese (and probably other) shopping sites looking for weaknesses. When such an attack occurs the IP address is almost always from China. So no, it doesn't have to be an inside job or malware download.

Side gripe: Also unbelievable that many Japanese companies don't allow users to include alphanumeric symbols (#$@* etc) in passwords. Cyber-security seems to be a joke in most Japanese companies. It wouldn't have prevented this hack it seems, but I'm sure many people get hacked every day because of it.

Yes, I remember pretty recently a password of 4-8 characters with no symbols was the standard Japanese password, lol. Even Mitsui Sumitomo Visa Card had that restriction. The problem is Japanese companies copy the work of other Japanese companies instead of looking at English sites that have put more thought into their design and security.

Amusing that bank debit card are not in universal use in Japan. At least the ones I have experience of have fairly tight security (nothing is perfect) so if Japanese banks follow the same protocols they should be a far better solution both for security and customer convenience.

From other sources I understand that as many as 900 accounts were used illicitly, which to me begs the question of how the IDs and passwords were disclosed.  They may have been hacked, but they may have been sold by an inside source.

smart move on the crims' part... 146 CARTONS of electronic cigarette cartridges .... "no guv, they're for my personal use; I'm a heavy vaper".... who are these people.... （⌒▽⌒）

I'm sure this government urging will do the trick.

Otherwise, they might be forced to urge them a second time.

LOL!

Like, I said all along:

Most likely it was an inside job or physical hack. 

They just arrested a female Chinese part-time worker at 7-Eleven. She helped the "hackers" commit the crime.

@AlexEinz

no it doesnt involve inside or physical hack... its extremely widespread to get id details, cc details are widely hacked and available and so on

Ha! Security expert......right!

no it doesnt involve inside or physical hack... its extremely widespread to get id details, cc details are widely hacked and available and so on.. just go to proper hacking forums and you see... the thing is, most of these credit or financial companies dont have any actual enticement to really improve their security... its 2019 and they only now started doing proper 2fa / hardware token for bankin.. and the mobile apps have practically zero security... , instead they just drop a percentage to insurance and its well easier than upgrading their systems

no it doesnt involve inside or physical hack... its extremely widespread to get id details, cc details are widely hacked and available and so on.. just go to proper hacking forums and you see...

People who deal in data on hacking forums obtaining that information through people who actually had inside or physical access. Almost all of the cases in Japan of hacking has been through physical or inside hacking. The credit card scam a few years ago involved the gang purchasing south african CC#'s that was shown to be an inside job.

Just because you see the final product (stolen data) doesn't mean you understand all the steps in the chain. Most real hacking involves a physical or inside component to the hack. Even malware and viruses needs the victim to willing agree to download the files(inside).

8 Most Common Causes of Data Breach

It seems as though not a day goes by without a headline screaming that some organization has experienced a data breach, putting the business – and its customers and partners – at risk. To keep your own organization out of the news, it’s important to understand the most common causes of data breaches and what you can do to mitigate the threats they present.

1.   Weak and Stolen Credentials, a.k.a. Passwords

Hacking attacks may well be the most common cause of a data breach but it is often a weak or lost password that is the vulnerability that is being exploited by the opportunist hacker. Stats show that 4 in 5 breaches classified as a “hack” in 2012 were in-part caused by weak or lost (stolen) passwords!

Simple Solution: Use complex passwords and never share passwords.

2.   Back Doors, Application Vulnerabilities

Why bother breaking the door down when the door is already open? Hackers love to exploit software applications which are poorly written or network systems which are poorly designed or implemented, they leave holes that they can crawl straight through to get directly at your data.

Simple Solution: Keep all software and hardware solutions fully patched and up to date.

3.   Malware

The use of both direct and in-direct Malware is on the rise. Malware is, by definition, malicious software: software loaded without intention that opens up access for a hacker to exploit a system and potentially other connected systems.

Simple Solution: Be wary of accessing web sites which are not what they seem or opening emails where you are suspicious of their origin, both of which are popular methods of spreading malware!

4.   Social Engineering

As a hacker, why go to the hassle of creating your own access point to exploit when you can persuade others with a more legitimate claim to the much sought after data, to create it for you?

Simple Solution: If it looks too good to be true then it probably is too good to be true. If you were going to bequeath $10 Million US Dollars to someone you had never met, would you send them an email?

5.   Too Many Permissions

Overly complex access permissions are a gift to a hacker. Businesses that don’t keep a tight rein on who has access to what within their organization are likely to have either given the wrong permissions to the wrong people or have left out of date permissions around for a smiling hacker to exploit!

Simple Solution: Keep it Simple.

6.   Insider Threats

The phrase “keep your friends close and your enemies closer” could not be any more relevant. The rogue employee, the disgruntled contractor or simply those not bright enough to know better have already been given permission to access your data; what’s stopping them copying, altering or stealing it?

Simple Solution: Know who you are dealing with, act swiftly when there is a hint of a problem and cover everything with process and procedure backed up with training.

7.   Physical Attacks

Is your building safe and secure? Hackers don’t just sit in back bedrooms in far off lands, they have high visibility jackets and a strong line in plausible patter to enable them to work their way into your building and onto your computer systems.

Simple Solution: Be vigilant, look out for anything suspicious and report it.

8.   Improper Configuration, User Error

Mistakes happen and errors are made.

Simple Solution: With the correct professionals in charge of securing your data and the relevant and robust processes and procedures in place to prevent user error, then mistakes and errors can be kept to a minimum and kept to those areas where they are less likely to lead to a major data breach.

yes if you define trojan as having physical access , you are technically right, yet today with available zero exploits all you would need to do is open a browser.. it even could be your familiar porn website... which was hacked and malware injected ... especially that lovely wordpress so many website use is hacked daily.

yes if you define trojan as having physical access , you are technically right,*

Common sense would tell you that the easiest methods will always be the most common. The most common type of hacking is low-tech because not everyone has the resources of large teams or whole countries to support them while spending months to plan their hack.

Does anyone here know the most common hacks in Japan?

1) Ore, Ore phone calls (Social Engineering). You need to call the target, and you need to pick up the cash

usually in person because fewer cameras.

2) Credit card skimming (Either with device set up somewhere or carrying a chip reader). You need to be in

proximity for both.

Both are low-tech and require physical access or inside access.

Real hackers simply sell the info to nefarious types because it is safer. If these two guys purchase the information online it still doesn't disprove that the original hackers acquire the information through a low tech hack.

Most likely it was an inside job or physical hack. Most real world hacking involves having some kind of physical access to the machines or people being targeted. It really isn't like the movies where you see some socially awkward person hidden in a basement thousands of miles away with several computer screens running data too fast for the human eye to actually read.

> International hacking gangs are terrible. Is there a perfect way to prevent their crimes?

I wouldn't call two people a criminal hacking gang. It is more like two folks living in Japan trying to make a fast buck because the fast food and convenience store jobs you get while enrolled in a language school ain't cutting.

International hacking gangs are terrible. Is there a perfect way to prevent their crimes?