Source Next Co., Ltd.reported on February 14 that 112,132 user credit card information and 120,982 personal information may have been leaked due to unauthorized access by a third party.
On January 4, 2023, some credit card companies contacted us about concerns about the leakage of credit card information of users who used the Sourcenext site, and on January 5, we stopped card payments. At the same time, an investigation by a third-party investigative agency was started.
The investigation by the investigative agency was completed on January 23, and as a result, the credit card information and personal information of users who made purchases on the Sourcenext site were leaked from November 15, 2022 to January 17, 2023. We also confirmed that some users’ credit card information may have been used fraudulently.
The unauthorized access took advantage of a vulnerability in the system of the Sourcenext site, and the payment application was tampered with.
The credit card information that may have been leaked is “cardholder name”, “credit card number”, “expiration date”, and “security code”. On the other hand, the personal information that may have been leaked is “name”, “e-mail address (password is not leaked)”, “zip code (optional)”, “address (optional)”, and “telephone number (optional)”. . Affected users will be notified individually by email.
Regarding the leakage of credit card information, we are working with credit card companies to continuously monitor transactions using credit cards that may have been leaked, and are striving to prevent unauthorized use. If there is a billing item that is not listed, we are asking you to contact the card company.
