7-Eleven Customer Data Exposed in App Security Breach

By |2019-11-01T19:38:11+00:00November 1st, 2019|

The 7-Eleven Fuel app suffered a data breach in Australia last week that exposed users’ personal details. The app uses customer location and pricing data to help drivers find the best gas prices at local 7-Elevens, and lock in the low prices by prepaying.

A customer reported the breach to 7-Eleven when he discovered he was able to view another customer’s information, including name, email address, phone number, birthdate, and account balances upon opening the app. After logging out of the app and logging back in several times, he was able to access the account details and personal data of multiple customers.

7-Eleven responded by taking down the app for maintenance. It is now back up, and 7-Eleven has stated they are investigating the root cause of the issue. It is unclear how many customers may have been affected before the breach was discovered and fixed, or what the long-term consequences for consumers will be.

This news follows a July app data breach that allowed criminals to rack up $510,000 in fraudulent charges to the apps of 900 Japanese 7-Eleven customers. That breach was caused by a poorly-designed login screen that allowed hackers to request password reset links to email addresses not associated with the account. 7-Eleven has promised to compensate all customers for lost funds.

While these hacks occurred in Australia and Japan, and there’s currently no word of U.S. customers being affected, other app hacks have occurred in the United States. One of the most recent data breaches exposed the personal information of about 4.9 million DoorDash consumers, merchants, and drivers. Uber also has been dealing with the fallout of a data breach that exposed 57 million files containing customer and driver personal data.

How to Protect Yourself

These app hacks demonstrate the risks involved with entrusting your personal data with a third party. To protect yourself from data breaches, it pays to follow these best practices:

  • Be mindful of the apps and companies you share your personal data with. Just because a company is well known or highly respected doesn’t mean it will be able to protect your information as diligently as you do.

 

  • Freeze your credit reports with all three credit bureaus. This prevents hackers and criminals from using personal data to open fraudulent accounts in your name, damaging your credit score.

 

  • Monitor your account activity – including bank accounts, credit cards, and third-party apps – to ensure that no fraudulent charges or transactions have taken place.

 

  • Monitor your credit report so you’re aware of any changes to your credit. Inaccurate information could be the sign of identity theft.

 

  • Don’t click any unexpected links or download attachments without verifying them first.