Source Next Co., Ltd.reported on February 14 that 112,132 user credit card information and 120,982 personal information may have been leaked due to unauthorized access by a third party.
On January 4, 2023, some credit card companies contacted us about concerns about the leakage of credit card information of users who used the Sourcenext site, and stopped card payments on January 5. At the same time, an investigation by a third-party investigative agency was started.
An investigation by an investigative agency was completed on January 23, and as a result, between November 15, 2022 and January 17, 2023, the credit card information and personal information of users who made purchases on the Sourcenext site were leaked. We also confirmed that some users’ credit card information may have been used fraudulently.
The unauthorized access is said to have taken advantage of a vulnerability in the system of Sourcenext’s site, and that the payment application was tampered with.
The credit card information that may have been leaked is “cardholder name”, “credit card number”, “expiration date”, and “security code”. On the other hand, the personal information that may have been leaked is “name”, “e-mail address (password is not leaked)”, “zip code (optional)”, “address (optional)”, and “telephone number (optional)”. . Affected users will be notified individually by email.
Regarding the leakage of credit card information, we are working with credit card companies to continuously monitor transactions using credit cards that may have been leaked, and are striving to prevent unauthorized use. If there is a billing item that is not listed, we are asking you to contact the card company.