7-Eleven Japan recently launched a mobile payments feature on its 7Pay app which enabled customers to simply scan a barcode in the app and charge a linked credit or debit card. Merely a week after this was announced, the feature has been pulled after a vulnerability in the app allowed hackers to steal $500,000 from users through bogus charges.
The company had received a complaint about this the very next day after launching the feature on July 1st. A customer had noticed that they had been billed a charge that they didn’t make. The flaw in the app simply required hackers to know the user’s date of birth, email, and phone number.