Sourcenext Co., Ltd. announced on February 14 that there was unauthorized access to its website, and that 120,982 customer personal information and 112,132 credit card information may have been leaked. was 120,982, including credit card information). From the same day, we will contact customers who have the possibility of leakage by e-mail.
On January 4th, the credit card company contacted us regarding concerns about the leak of card information, and the company suspended card payments from January 5th and started an investigation by a third-party investigative agency. The investigation was completed on January 23, and the personal and credit card information of customers who made purchases on the company’s website between November 15, 2022 and January 17, 2023 were leaked and credit card information was used fraudulently. He confirmed that it is possible.
Regarding the announcement made more than a month after the possibility of information leakage was confirmed, the company said, “The disclosure of uncertain information unnecessarily causes confusion and minimizes inconvenience to customers. We have decided that it is essential to make an announcement after we have prepared a countermeasure to stop it, so we have decided to wait for the investigation results of the research company and cooperation with the credit card company before making an announcement.”
The cause of the personal information leak is that the payment application was tampered with through unauthorized access that exploited a vulnerability in the website system.
Those who may have leaked are those who purchased from the company’s website between November 15, 2022 and January 17, 2023. It is said that it also applies to those who interrupted the order in the middle of the purchase and those who canceled it after the purchase. In addition, those who registered or changed credit cards on the company’s website during the same period.
There are five personal information items that may have been leaked: name, email address, postal code, address, and telephone number. It is said that the password has not been leaked. Credit card information consists of cardholder name, credit card number, expiration date, and security code.
The company urges customers to check their credit card statements and contact the credit card company if there are charges that they do not recognize. We also have a toll-free number and contact form for inquiries regarding this matter, as well as a Q&A page.
