Wired
On May 23, Sumitomo Mitsui Card announced that there was an unauthorized login by a third party in its member app for smartphones, “Sumitomo Mitsui Card Vpass App” (Vpass app). The number of damages is 16,756, and it has been confirmed that the credit card number was not leaked due to unauthorized login, and the credit card misuse damage was not confirmed.
The total number of unauthorized logins is approximately 5 million, and there is no abuse damage
The company regularly conducts 24-hour monitoring using an unauthorized use detection system to check for suspicious card usage. According to the company, this monitoring detected unauthorized logins on August 19th, blocked access identified as unauthorized logins, and implemented emergency responses such as disabling passwords for IDs that were illegally logged in.
In subsequent investigations, there were many IDs and passwords that were specified for unauthorized logins that were not registered with the company, so we used IDs and passwords that third parties may have obtained from other companies' services. It is said that the damage was caused by a “list attack” that attempted unauthorized access.
As of the 22nd, the damage status is 16,756 IDs that may have been illegally logged out of the total number of unauthorized login attempts of approximately 5 million, and the user's name, card name, usage amount, The usage details, available amount, point balance, etc. could be viewed. Since the card usage information can only be viewed with an ID and password, transactions are not possible, and the credit card number is partially hidden, so the company does not identify the credit card number .
As a response to this unauthorized login, the company may have been exposed to unauthorized logins to prevent unauthorized browsing in the future, as some users may have been viewed credit card usage details, etc. Along with disabling the user's password, we are contacting you individually to call for an ID and password change.
Unauthorized login victims register again after login stops
Sumitomo Mitsui Card announced that there was unauthorized access after detecting unauthorized access on the 19th, but it was a press release dated 23rd. We have released a page to call attention about the case. For users who have been confirmed to be unauthorized logins, they are guiding new registration to Vpass after login stops.
In order for customers to use the Internet service "Vpass" (hereinafter referred to as Vpass) safely for members, we take measures such as stopping login to Vpass when unauthorized logins are suspected. We are
If you stop logging in to Vpass, we will ask you to register for Vpass. We apologize for the inconvenience and trouble, but thank you for your understanding.
In addition, in order to protect important customers from unauthorized use, we monitor the card usage status etc. using an unauthorized use detection system (24 hours 365 days).
If you are using Vpass, we recommend that you check your emails to see if you have an individual contact and make sure you can log in. Even if there is no damage, take measures against unauthorized login such as changing the password just in case.
Source: Sumitomo Mitsui Card
Photo: Sumitomo Mitsui Card
(asm)
Source: iPhone Mania