7-Eleven Japan shut down a mobile payments app after only two days because hackers exploited a simple security flaw and customers lost over $500,000

On July 1st, 7-Eleven Japan launched 7pay, a new mobile app that allows customers to make purchases at its convenience stores, which are widely popular in Asia. But two days later, 7pay was shut down, after the company advised customers that third parties had accessed some accounts.

All told, the company said in a press release, over 900 customers had their accounts accessed, and they lost a collective total of ¥55 million, the equivalent of about $510,000. It promises compensation for affected users.

7pay was 7-Eleven's mobile wallet system, allowing users to make in-store payments by scanning a barcode at the cash register tied to a credit or debit card, similarly to systems like Walmart Pay.

The way it went down, reports ZDNet and Yahoo Japan, is that some bad actors had exploited a simple security flaw with the password system — specifically, that anybody could reset any 7pay user's password.

The issue, per those reports, was that 7pay only required the user's email address, phone number, and date of birth to reset a password. Once all of that information was entered, however, the app would apparently send the reset link to any email address the requester chose, even one that was not the account holder's own.

In other words, unauthorized parties could allegedly send the reset link to their own addresses, set their own passwords, and access the account, without any sophisticated hacking technique. From there, those hackers could theoretically have walked into any 7-Eleven store that accepts 7pay and made purchases with somebody else's account.

After the app launched, 7pay users tweeted about being locked out of their accounts.

A spokesperson for 7-Eleven did not immediately respond to a request for comment.

Original author: Rosalie Chan