50，000 credit card records leaked， including card numbers and security codes．

0001Popping out★.Oct. 3, 2024 (Thu) 17:50:40.62ID:19G8p+jW9

On October 3rd, Tully’s Coffee Japan announced that its directly operated mail-order website, Tully’s Online Store, had been illegally accessed, its payment app had been tampered with, and 92,685 user IDs and passwords may have been leaked. Of these, 52,958 users who had registered credit card numbers are at risk of having their card numbers and security codes leaked. The cause was a vulnerability in part of the site’s system, which led to unauthorized access by a third party and tampering with the payment app. The personal information that may have been leaked includes the names, addresses, telephone numbers, gender, date of birth, email address, login ID, login password, and shipping information of 92,685 people who registered as members at the Tully’s Online Store between July 20, 2021 and May 20, 2024. In addition, the credit card numbers, cardholder names, expiration dates, and security codes of 52,958 people who made credit card payments at the store between July 20, 2021 and May 20, 2024 may have been leaked. Affected users have been contacted via email. On May 20th, the Tokyo Metropolitan Police Department contacted the company to inform it that card information may have been leaked, and card payments were suspended the same day. The online store itself was temporarily closed on May 23rd. The site will be refurbished and reopened with enhanced security measures.

Yahoo!ニュース

Yahoo!ニュースは、新聞・通信社が配信するニュースのほか、映像、雑誌や個人の書き手が執筆する記事など多種多様なニュースを掲載しています。

0030Anonymous Donburako.Oct. 3, 2024 (Thu) 17:57:54.08ID:Oh2NdxX30

>>1
Again?
I think it would be better to give criminal penalties for this kind of thing.

0046Anonymous Donburako.Oct. 3, 2024 (Thu) 18:00:05.69ID:uxhWFJmN0

>>1
Whenever a data leak occurs, it’s usually the security code
In other words, most companies store security codes
Credit card users shouldn’t feel complacent.

0002Anonymous Donburako.Oct. 3, 2024 (Thu) 17:51:11.11ID:4AiW8YJy0(1/2)

Isn’t this a strange one?

0003Anonymous Donburako.Oct. 3, 2024 (Thu) 17:51:28.38ID:diV8CP+Y0

Why would a security code be leaked?

0028Anonymous Donburako.Oct. 3, 2024 (Thu) 17:57:37.69ID:cwp1Sflh0(1/10)

>>3
If the site itself has vulnerabilities that allow entered information to be stolen,
it will be leaked even if the security code is not stored in the system.

0005Security Guard [lv.4] [Sprout].Oct. 3, 2024 (Thu) 17:51:58.43ID:bUG4XjC10

They attack from your weak spot.

0006Anonymous Donburako.Oct. 3, 2024 (Thu) 17:52:10.79ID:lxPPPuQW0(1/2)

Did you mean it was saved in plain text???

0007Anonymous Donburako.Oct. 3, 2024 (Thu) 17:52:12.35ID:QbL8PvMx0

Is this quite serious?

0008Anonymous Donburako.Oct. 3, 2024 (Thu) 17:52:16.76ID:TLxLNwFA0

What kind of store is Tully’s?

0012Anonymous Donburako.Oct. 3, 2024 (Thu) 17:53:56.87ID:syok+mt50

Huh? Why the security code?

0013Anonymous Donburako.Oct. 3, 2024 (Thu) 17:54:13.58ID:F0JPgOiP0

It’s cash after all.

0018Security Guard [lv.4] [Sprout].Oct. 3, 2024 (Thu) 17:55:04.45ID:Gn9dRpt10

Included in the list of scams and illegal part-time jobs.

0019Anonymous Donburako.Oct. 3, 2024 (Thu) 17:55:34.98ID:dfnQ5bQm0(1/11)

This is the craziest thing since Sourcenext.

0020Anonymous Donburako.Oct. 3, 2024 (Thu) 17:55:52.94ID:6NFYouqt0

Oh no, I did it!

0021Anonymous Donburako.Oct. 3, 2024 (Thu) 17:55:57.53ID:fz4EGCea0(1/2)

It’s finished….

0023Anonymous Donburako.Oct. 3, 2024 (Thu) 17:56:33.14ID:Midw0cec0

This is really crazy.

0024Anonymous Donburako.Oct. 3, 2024 (Thu) 17:56:44.24ID:AnTfLS9l0(1/2)

Will it be leaked just by paying by credit card?
Even in Japan, it’s PayPal or PayPay.

0025Anonymous Donburako.Oct. 3, 2024 (Thu) 17:57:13.22ID:sYBlMJBt0(1/3)

They apologized with a 500 yen coupon.

0026Anonymous Donburako.Oct. 3, 2024 (Thu) 17:57:14.75ID:4AiW8YJy0(2/2)

Since the payment app was tampered with, does that mean that the information entered by users was stolen? Doesn’t the fact that the police have contacted them mean that it has actually been misused and people are causing damage?

0034Anonymous Donburako.Oct. 3, 2024 (Thu) 17:58:27.25ID:IpGBPXO90(2/2)

>>26
Ah, input.
Is that possible?

0029Security Guard [lv.3] [bud].Oct. 3, 2024 (Thu) 17:57:50.29ID:b/ZNzbji0

Do we really need this much personal information?

0062Anonymous Donburako.Oct. 3, 2024 (Thu) 18:03:22.65ID:bA5+imw50(1/3)

>>29
You can sell it for a high price to the countless list companies.

0032Security Guard [lv.6] [Sprout].Oct. 3, 2024 (Thu) 17:58:16.19ID:uZLUdNLW0

What about liability for compensation?

0033Anonymous Donburako.Oct. 3, 2024 (Thu) 17:58:22.38ID:Oj0Pc5GG0(1/2)

If you tamper with the payment app, the information entered will be leaked.

0035Anonymous Donburako.Oct. 3, 2024 (Thu) 17:58:42.17ID:g+WBWqBW0

Storing security codes should be prohibited by law, you idiot.

0037Anonymous Donburako.Oct. 3, 2024 (Thu) 17:58:45.57ID:BSsCYSCI0

If we extract high-end card brands such as American Express, ages and addresses from this leaked data, we can create a list of robbery locations lol.

0070Anonymous Donburako.Oct. 3, 2024 (Thu) 18:05:06.43ID:44IJKsPt0

>>37
Is this going to lead to another story about shady part-time jobs?

0038donguri!Oct. 3, 2024 (Thu) 17:58:49.82ID:ef9ik9dH0

What on earth are you buying?

0039Anonymous Donburako.Oct. 3, 2024 (Thu) 17:58:53.41ID:g6ZWMmLq0

I used to work in the system for a credit card company,
but we never stored card numbers or security codes.

0040!ninja.Oct. 3, 2024 (Thu) 17:59:22.86ID:khDCX8/Y0

Is it enough to just apologise?

0064Security Guard [lv.2] [Sprout].Oct. 3, 2024 (Thu) 18:04:03.10ID:nWmfUGZ60(2/20)

>>40
That’s it, that’s it.

0042Anonymous Donburako.Oct. 3, 2024 (Thu) 17:59:39.95ID:mB0d9kxj0

The security code is not allowed to be saved, so there’s no way it would be leaked lol.

0044Anonymous Donburako.Oct. 3, 2024 (Thu) 17:59:55.41ID:2VTqK9oH0

Don’t keep the security code.

0047Anonymous Donburako.Oct. 3, 2024 (Thu) 18:00:08.99ID:LhKB6+jO0(1/3)

This is no good.

0048Anonymous Donburako.Oct. 3, 2024 (Thu) 18:00:11.33ID:om+Ielzq0

At 300 yen each, they would be sold for 15 million yen.

0049Anonymous Donburako.Oct. 3, 2024 (Thu) 18:00:27.02ID:bK2BVmwb0

The delay between recognizing the incident and making it public is a sign of their prioritizing self-preservation over their users.

0051Anonymous Donburako.Oct. 3, 2024 (Thu) 18:01:06.03ID:za9pqnK60(1/2)

Did that Tully’s leak information?
I’ve never been there though.

0053Anonymous Donburako.Oct. 3, 2024 (Thu) 18:01:53.84ID:poshIKON0

They should guarantee at least 5,000 yen per person. This isn’t something you can just say sorry and leave it at that.

0055Anonymous Donburako.Oct. 3, 2024 (Thu) 18:01:59.00ID:ckdVjaf70

I don’t think the security code was set up to be saved.
It wasn’t extracted from the database, it was probably just the app being tampered with.
The security code was probably saved and made accessible.

0057Anonymous Donburako.Oct. 3, 2024 (Thu) 18:02:06.87ID:B8a8cxKR0

Even with the larger companies this is the case, so I’d go with cash on delivery even if it means paying a small fee.

Reference: https://asahi.5ch.net/test/read.cgi/newsplus/1727945440/

Other languages: 【タリーズオンラインストア】クレカ情報5万件流出、カード番号やセキュリティコードなども流出か, Se filtraron 50．000 datos de tarjetas de crédito y también se filtraron números de tarjetas y códigos de seguridad．