The data breach on Thursday allowed users to view the personal information of other customers using the app.
7-Eleven, whose fuel app has been downloaded two million times according to the company, was alerted to the incident after a customer was able to access the personal information of other customers via the app.
The customer, who chose to remain anonymous, was able to view the amount of money in the other users’ accounts, as well as names, email addresses, mobile phone numbers and dates of birth.
According to the Guardian, the customer had logged in numerous times, but each time other people’s personal information kept appearing. The app was soon taken offline for several hours, and was later brought back online at 5:30pm the same day.
A spokesperson from 7-Eleven said: “The 7-Eleven Fuel App experienced a technical issue. The issue has been resolved, and the 7-Eleven Fuel App is now online for all customers. We are continuing to investigate and have informed the relevant authorities.”
In July this year, the Japanese arm of 7-Eleven had to take its mobile payment app offline after a data breach impacted nearly 900 customers, resulting in fraudulent transactions totaling over $500,000.
Following an inquiry, it was discovered that hackers had accessed the customer’s app and impersonated users to make fraudulent purchases.
Mark Noctor, VP EMEA at Arxan Technologies, told Infosecurity Magazine: “This breach highlights the need for companies to treat their application as the new ‘real’ endpoint that needs to be considered during the formation of a security strategy.”