100,000 Customers' Data Stolen From 11 Japanese E-Commerce Websites

Personal information of at least 100,000 customers, including credit card details, has been stolen from 11 e-commerce websites in Japan, Shohei Kato reported for the Mainichi Shimbun.

Confirmed victims include the prominent coffee chain Tully’s Coffee Japan Co. and the national federation of fisheries cooperatives (JF Zengyoren). I Photo: Haneda Airport

The websites, operated by Tokyo-based companies and organizations, were compromised by unauthorized programs.

Authorities, including the Metropolitan Police Department (MPD), are investigating the incidents and pursuing charges related to the provision of electronic or magnetic records containing unauthorized commands.

Confirmed victims include the prominent coffee chain Tully’s Coffee Japan Co. and the national federation of fisheries cooperatives (JF Zengyoren).

The attackers exploited vulnerabilities by entering malicious code into order forms on the websites.

Once the code was triggered during data confirmation, it allowed remote tampering. Subsequently, any new customer data registered on the websites was leaked to the attacker.

The affected e-commerce platforms continued to operate normally, leaving operators unaware of the breaches for extended periods. Investigators are working to determine the full scope of the damage.