ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintTitle ChevronIcon Twitter
Companies

Chinese cybercriminals suspected in 7-Eleven mobile hack of $460,000

Police think e-cigarettes purchased with 7pay app were for China's black market

E-cigarettes are especially popular with Chinese youth, making them a hot item on Chinese black markets.   © Reuters

TOKYO -- Chinese cybercriminals are believed to have exploited weak security in Seven & I Holdings mobile payment app to make unauthorized charges worth about 55 million yen ($459,961) earlier this month, affecting some 900 users.

Most of the charges made with the company's 7pay app were used to buy electronic cigarettes, leading authorities to believe that Chinese gangs were responsible for the theft. E-cigarettes are popular in China, especially among young people.

China controls the prices of all cigarettes through a state-owned monopoly, making the sale of stolen e-cigarettes an attractive way for criminals to earn cash.

There have been many similar cases in recent years, according to a Japanese investigator familiar with crimes committed by foreigners, so "there must be Chinese criminal organizations behind it."

In a related case, gangs sent e-cigarettes stolen in Japan to China via express mail, reselling them for 60% below the established price in Japan.

The trouble began in the morning of July 3. In one incident, a young man speaking broken English asked a cashier at a 7-Eleven store in Tokyo for e-cigarette cartridges. After paying about 730,000 yen with a hacked 7pay mobile app, he walked out with 146 cartons of cartridges.

This pattern was repeated throughout the day across the country, with people buying e-cigarettes and cartridges in bulk with the hacked app in an effort apparently coordinated by a criminal gang.

The thefts happened so quickly that legitimate app users had little time to react. A 58-year-old resident of Shizuoka Prefecture was stunned to see 190,000 yen worth of charges on his 7pay account in less than 40 minutes. The charges were made at two 7-Eleven stores in Tokyo, about 130 km away.

The evening before the e-cigarette caper, Seven & i Holdings started receiving complaints from users about unauthorized transactions on their 7pay apps. The company discovered that there were numerous attempts at accessing accounts from overseas locations, mainly from China.

The 7 pay app does not have two-step authentication to verify identities, which allowed the gang to easily carry out the thefts.

Japan's Financial Services Agency has ordered the company to documents detailing how the unauthorized access occurred, and what the company is doing to prevent similar occurrences from happening again. The regulator also plans to investigate whether there are problems in the company's internal security systems.

Unauthorized access to other people's computer accounts violates Japanese law, but overseas internet providers are often reluctant to provide users' identities to investigators. Tracking anonymous users would be even more difficult.

The Japan-China Mutual Legal Assistance Treaty allows Japanese investigators to do reference checks users of China's popular messaging app, WeChat, which is often used in crimes. But records can be deleted from overseas servers before Japanese investigators complete the laborious and time-consuming task of coordinating efforts with Chinese authorities to identify perpetrators.

Two Chinese nationals being held by the Tokyo Metropolitan Police Department on suspicion of participating in the thefts have denied meeting the gang's leader. "Criminal groups make sure their leaders are shielded from investigation," said a person familiar with the case. A third person, a Chinese university student studying in Japan, was arrested on Friday.

Chinese gangs have used various methods to hack Japanese accounts of Apple Pay and T Card, which can be used as a loyalty card and credit card.

"Police should thoroughly investigate the reason why 7pay has been hacked to prevent this from happening in the future," said Masanori Kusunoki, a visiting research fellow at the International University of Japan.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends October 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to Nikkei Asia has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media

Nikkei Asian Review, now known as Nikkei Asia, will be the voice of the Asian Century.

Celebrate our next chapter
Free access for everyone - Sep. 30

Find out more