OSAKA (Kyodo) Hackers stole customer data from eight online supermarkets in Japan, including Uny Co. and Neo Beat Co., in July using a hacking technique called SQL injection to access their databases, sources said.

A source close to Neo Beat, which also operates the Web sites of the online supermarkets, said Friday it believes the approximately 30,000 unauthorized accesses to its database server were likely “perpetrated by a group of professional hackers.”

The accesses, which were conducted from Japan and China from July 24 to 26, resulted in the theft of data on 12,191 customers of the Osaka-based company as well as its seven business partners, including supermarket chains Izumiya Co., Maruetsu Inc. and Ryukyu Jusco Co.

Neo Beat has since filed a damage report with the Osaka police, and the companies have closed their online markets since late last month.

Major credit card companies have confirmed cases in which the credit card data stolen by the hackers in the July incident were used by third parties to buy goods.

An official at a credit card firm said there have been more than 100 cases in which such parties either used or attempted to use the stolen card data.

Although credit card companies do not charge customers whose card data were illic itly used, some card companies have recommended that affected customers get new cards and invalidate their old ones.

Neo Beat, which announced Aug. 4 the massive leakage of the customer credit card information, briefed the Ministry of Economy, Trade and Industry on Thursday.

The company’s probe has found that its database program has a security vulnerability that made it difficult to block attempts from outside to intrude into the database server, the sources said.

Neo Beat has taken countermeasures, including installing a device to detect illicit attempts to access the database server, the sources said.

SQL injection involves a hacker sending a malicious code into a database, whose program is written in a programming language called Structured Query Language, to obtain data such as credit card numbers.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.