Julie Stultz, Technical Marketing Manager at ON Semiconductor, writes for ElectronicDesign: 1. USB Type-C and PD are complicated: With a universal connector that can plug into a power host (source) or device (sink), it seems like the negotiation of which device is powering which can be overwhelming for product designers and consumers. However, products can have more -- or less -- complexity based on the product designer's needs. For Type-C only devices, a single IC can be used to control all of the connection handshakes. For more complex features, the Power Delivery protocol (PD) can be implemented. There's a strict set of guidelines that must be followed to be USB-C PD compliant. Products receive approval from the USB-IF governing committee before they're certified. Utilizing firmware from certified IC vendors can simplify design the solution.
2. USB Type-C and PD is expensive: To detect, attach, and negotiate communication, it would seem that the transition from USB 2.0 to USB-C would become expensive. For basic USB-C functionality, a basic state-machine controller can be used. Controllers are available on the market for 3. All Type-C ports have identical functionality: Despite a common connector, the actual feature set of a USB-C port can vary significantly. Ports on travel adapters only charge devices. Ports on wearable devices typically only receive charge. Ports on dual-role devices such as laptops can still see variation in port features. Power levels for standard Type-C ports are limited to 15 W while ports that implement PD can negotiate power up to 100 W. In addition, some ports are capable of data communication up to USB SS Gen 2 speeds of 10 Gb/s. Other features may include DisplayPort or Thunderbolt support. The article debunks eight more myths.

An anonymous reader quotes a report from ZDNet: A doctor in India has performed a series of five percutaneous coronary intervention (PCI) procedures on patients who were 20 miles away from him. The feat was pulled off using a precision vascular robot developed by Corindus. The results of the surgeries, which were successful, have just been published in EClinicalMedicine, a spin-off of medical journal The Lancet. During the remote procedures, Dr. Tejas Patel, Chairman and Chief Interventional Cardiologist of the Apex Heart Institute in Ahmedabad, Gujarat, India, used Corindus' CorPath GRX robot and a hardwired internet connection, manipulating the robot with a set of joysticks and a video monitor. Corindus has performed several remote test cases in the U.S. since, but Dr. Patel's procedure marked a major milestone in medicine. "Remote procedures have the potential to transform how we deliver care when treating the most time-sensitive illnesses such as heart attack and stroke," says Mark Toland, President and Chief Executive Officer of Corindus Vascular Robotics. "The success of this study paves the way for large-scale, long-distance telerobotic platforms across the globe, and its publication in Lancet's EClinicalMedicine demonstrates the transformative nature of telerobotics. While remote robotic procedures are still in the early stages of development, it is clear we are on track to expand patients' access to care, while reducing their time to treatment."

"As the promise of autonomous machines lags the underlying technology, the growing need for human robot-minders could juice the remote workforce," reports The Wall Street Journal. An anonymous reader shares excerpts from the report: Across industries, engineers are building atop work done a generation ago by designers of military drones. Whether it's terrestrial delivery robots, flying delivery drones, office-patrolling security robots, inventory-checking robots in grocery stores or remotely piloted cars and trucks, the machines that were supposed to revolutionize everything by operating autonomously turn out to require, at the very least, humans minding them from afar. Until the techno-utopian dream of full automation comes into effect -- and frankly, there's no guarantee that will ever happen -- there will be plenty of jobs for humans, just not ones their parents would recognize. Whether the humans in charge are in the same city or thousands of miles away, the proliferation of not-yet-autonomous technologies is driving a tiny but rapidly growing workforce.

Companies working with remote-controlled robots know there are risks, and try to mitigate them in a few ways. Some choose only to operate slow-moving machines in simple environments -- as in Postmates's sidewalk delivery -- so that even the worst disaster isn't all that bad. More advanced systems require 'human supervisory control,' where the robot or vehicle's onboard AI does the basic piloting but the human gives the machine navigational instructions and other feedback. Prof. Cummings says this technique is safer than actual remote operation, since safety isn't dependent on a perfect wireless connection or a perfectly alert human operator. For every company currently working on self-driving cars, almost every state mandates they must either have a safety driver present in the vehicle or be able to control it from afar. Guidelines from the National Highway Traffic Safety Administration suggest the same. Phantom Auto is betting the shift to remote operation might become an important means of employment for people who used to drive for a living. Other requirements for our remote-controlled future include "a tolerance for working for a lower wage, since remote operation could allow companies to outsource driving, construction and service jobs to call centers in cheaper labor markets," the report adds.

"Another might be a youth spent gaming. When Postmates managers interview potential delivery-robot pilots like Diana Villalobos, they ask whether or not they played videogames in their youth. 'When I was a kid, my parents always said, 'Stop playing videogames!' But it came in handy,' she says."

Facebook has banned advertising from The Epoch Times, the Falun Gong-related publication and conservative news outlet, as the social network struggles to implement a consistent political advertising policy. The New York Times reports: Facebook issued the ban on Friday after NBC News published a report this week that said The Epoch Times had obscured its connection to recent Facebook ads promoting President Trump and conspiracy content. The Epoch Times, started in 2000 by a group of Chinese-Americans affiliated with the religious group Falun Gong, has in recent years ridden the wave of conservative, pro-Trump social media popularity to build a large social media following. On its website, it advances conspiracy content such as anti-vaccination theories, while its YouTube channels promote the pro-Trump fringe movement QAnon and other topics.

The Epoch Times's official Facebook accounts were banned by the social network in July. But according to the NBC report, it then ran new Facebook ads without disclosing that they were associated with the outlet. The ads ran under page names such as "Honest Paper" and "Pure American Journalism" and purchased by MarketFuel Subscription Services and Perpetual Market, which are decoy names for The Epoch Times, according to NBC News. Facebook introduced political advertising transparency rules in 2018 that require political advertisers to divulge the name of organizations responsible for the ads. But The Epoch Times was apparently able to sidestep those rules before being caught. Stephen Gregory, publisher of The Epoch Times, said in a statement that Facebook did not earlier respond to requests for clarification on why its ads were taken down, so it began "publishing its advertising on a number of other, new Facebook pages." He added that "these ads were overtly Epoch Times advertisements for our subscription."

Alphabet' Google has shut down a service it provided to wireless carriers globally that showed them weak spots in their network coverage, Reuters reported Monday, citing people familiar with the matter, because of Google's concerns that sharing data from users of its Android phone system might attract the scrutiny of users and regulators. From the report: The withdrawal of the service, which has not been previously reported, has disappointed wireless carriers that used the data as part of their decision-making process on where to extend or upgrade their coverage. Even though the data were anonymous and the sharing of it has become commonplace, Google's move illustrates how concerned the company has become about drawing attention amid a heightened focus in much of the world on data privacy. Google's Mobile Network Insights service, which had launched in March 2017, was essentially a map showing carriers signal strengths and connection speeds they were delivering in each area. The service was provided free to carriers and vendors that helped them manage operations. The data came from devices running Google's Android operating system, which is on about 75% of the world's smartphones, making it a valuable resource for the industry. [...] Nevertheless, Google shut down the service in April due to concerns about data privacy, four people with direct knowledge of the matter told Reuters. Some of them said secondary reasons likely included challenges ensuring data quality and connectivity upgrades among carriers being slow to materialize.

A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. From a report: In a coordinated disclosure between Center for IT-Security, Privacy and Accountability (CISPA), ICASI, and ICASI members such as Microsoft, Apple, Intel, Cisco, and Amazon, a new vulnerability called "KNOB" has been disclosed that affects Bluetooth BR/EDR devices, otherwise known as Bluetooth Classic, using specification versions 1.0 - 5.1. This flaw has been assigned CVE ID CVE-2019-9506 and allows an attacker to reduce the length of the encryption key used for establishing a connection. In some cases, an attacker could reduce the length of an encryption key to a single octet.

"The researchers identified that it is possible for an attacking device to interfere with the procedure used to set up encryption on a BR/EDR connection between two devices in such a way as to reduce the length of the encryption key used," stated an advisory on Bluetooth.com. "In addition, since not all Bluetooth specifications mandate a minimum encryption key length, it is possible that some vendors may have developed Bluetooth products where the length of the encryption key used on a BR/EDR connection could be set by an attacking device down to a single octet."

The Atlantic talked to Lora Hooper, chair of the immunology department at the University of Texas Southwestern Medical Center, one of the researchers investigating gut microbes, inflammation, and what may be a very important connection.

They note that the rise of antibiotic usage among humans "coincides with the obesity epidemic." This could be a spurious correlation, of course -- lots of things have been on the rise since the '50s. But dismissing it entirely would require ignoring a growing body of evidence that our metabolic health is inseparable from the health of our gut microbes... While other researchers focused on the gut microbiome itself, [Hooper] took an interest in the immune system. Specifically, she wanted to know how an inflammatory response could influence these microscopic populations, and thus be related to weight gain.

Over the past decade or so, multiple studies have shown that obese adults mount less effective immune responses to vaccinations, and that both overweight and underweight people have elevated rates of infection. But these were long assumed to be effects of obesity, not causes.

"When I started my lab there wasn't much known about how the immune system perceives the gut microbes," Hooper says. "A lot of people thought the gut immune system might be sort of blind to them." To her, it was obvious that this couldn't be the case. The human gut is host to about 100 trillion bacteria. They serve vital metabolic functions, but can quickly kill a person if they get into the bloodstream. "So clearly the immune system has got to be involved in maintaining them," she says. It made sense to her that even subtle changes in the functioning of the immune system could influence microbial populations -- and, hence, weight gain and metabolism. This theory was borne out late last month in a paper in Science... [T]his experiment is a demonstration of principle: The immune system helps control the composition of the gut microbiome.
Slashdot reader Beeftopia submitted the story, noting that even the North American Meat Institute, the largest trade group representing meat processors, acknowledges that the use of some antibiotics "can destroy certain bacteria in the gut and help livestock and poultry convert feed to muscle more quickly causing more rapid growth." [PDF, page 4].

"Inflammation plays a critical role in determining how we digest food," writes the Atlantic, "and it's only now starting to reveal itself."

The Guardian learned that the suspected mass shooter at an El Paso, Texas Walmart "is believed to also have posted a white nationalist rant on 8chan" -- then interviewed the CEO of the company hosting it. If the connection between the 21-year-old suspect in Saturday's massacre and the 8chan document is confirmed -- and law enforcement sources told NBC News that they are "reasonably confident" that they are linked -- then the El Paso attack will mark the third mass shooting in less than six months that was announced in advance on the message board... Throughout the day on Saturday, 8chan users discussed the massacre and the suspect, with many referring to the alleged shooter as "our guy" and praising the number of people killed...
UPDATE: 8:25 p.m. PST: Cloudflare's CEO announced that they are in fact terminating 8chan, effective at midnight PST.

Here are his remarks to the Guardian less than 24 hours earlier... "If I could wave a magic wand and make all of the bad things that are on the internet go away -- and I personally would put the Daily Stormer and 8chan in that category of bad things -- I would wave that magic wand tomorrow," [Cloudflare CEO Matthew] Prince said. "It would be the easiest thing in the world and it would feel incredibly good for us to kick 8chan off our network, but I think it would step away from the obligation that we have and cause that community to still exist and be more lawless over time."

Prince argued that keeping "bad" sites within Cloudflare's network means that the company is able to help monitor activity and flag illegal content to law enforcement. While he would not comment on specifics, he said that Cloudflare receives "regular requests" from law enforcement not to ban certain sites. "There are lots of competitors to Cloudflare that are not nearly as law abiding as we have always been," he said. "The minute that someone isn't on our network, they're going to be on someone else's network...." Prince also rejected any implication that Cloudflare's position is self-interested. "The right answer from a pure business perspective is just to kick them off," he said of 8chan. "Of the 2 million-plus Cloudflare customers, they don't matter, and the pain that they cause is well beyond anything else."

Keeping 8chan within its network is a "moral obligation", he said, adding: "We, as well as all tech companies, have an obligation to think about how we solve real problems of real human suffering and death. What happened in El Paso is abhorrent in every possible way, and it's ugly, and I hate that there's any association between us and that... For us the question is which is the worse evil? Is the worse evil that we kick the can down the road and don't take responsibility? Or do we get on the phone with people like you and say we need to own up to the fact that the internet is home to many amazing things and many terrible things and we have an absolute moral obligation to deal with that."

simpz writes: Does anyone know of a fairly inexpensive webcam that doesn't depend on a cloud service? A few years ago, you could buy a cheap webcam (with the usual pan/tilt and IR) for about $50 that was fully manageable from a web browser. Nowadays the web interfaces are limited in functionality (or non-existent), or you need a phone app that doesn't work well (maybe only working through a cloud service). I've even seen a few cheap ones that still need ActiveX to view the video in a web browser, really people!

I'd like to avoid a cloud service for privacy and to allow this to operate on the LAN with no internet connection present. Even a webcam where you can disable the cloud connection outbound would be fine and allow you to use it fully locally. I guess the issue is this has become a niche thing that the ease of a cloud service connection probably wins for most people, and other considerations don't really matter to them.

I had a brief look at a Raspberry Pi solution, but didn't see anything like a small webcam form factor (with pan/tilt etc). Alternatively, are there any third-party firmwares for commercial webcams (sort of a OpenWRT-, DD-WRT-, or LineageOS-style project for webcams) that could provide direct local access only via a web browser (and things like RTSP)?

The FCC voted today to collect more accurate data about which parts of the U.S. have broadband and which parts lack high-speed connectivity. "From now on, home Internet providers will have to give the FCC geospatial maps of where they provide service instead of merely reporting which census blocks they offer service in," reports Ars Technica. From the report: The FCC's current broadband mapping system has serious limitations. The Form 477 data-collection program that requires ISPs to report census-block coverage lets an ISP count an entire census block as served even if it can serve just one home in the block. There are millions of census blocks across the US, and each one generally contains between 600 and 3,000 people. Perhaps even worse, ISPs can count a census block as served in some cases where they don't provide any broadband in the block. That's because the FCC tells ISPs to report where they could offer service "without an extraordinary commitment of resources." An ISP could thus count a census block as served if it's near its network facilities, but in practice ISPs have charged homeowners tens of thousands of dollars for line extensions.

Pai's mapping order (full text) says it "will collect geospatial broadband coverage maps from Internet service providers," and create a crowdsourcing system to collect public input on the accuracy of ISP-submitted maps. ISPs could still count homes that aren't currently connected to their networks, but the FCC has tightened the criteria for doing so. ISPs may only count an area as served if the ISP "has a current broadband connection or it could provide such a connection within ten business days of a customer request and without an extraordinary commitment of resources or construction costs exceeding an ordinary service activation fee." The new requirements are limited to fixed broadband providers, those that offer non-mobile service in homes and businesses.

A tiny and relatively unknown TLS library written in Rust, an up-and-coming programming language, outperformed the industry-standard OpenSSL in almost every major category. From a report: The findings are the result of a recent four-part series of benchmarks carried out by Joseph Birr-Pixton, the developer behind the Rustls library. The findings showed that Rustls was 10% faster when setting up and negotiating a new server connection, and between 20 and 40% faster when setting up a client connection. But while handshake speeds for new TLS connections are important, most TLS traffic relies on resuming previously negotiated handshakes. Here, too, Rustls outperformed the aging OpenSSL, being between 10 and 20% in resuming a connection on the server-side, and being between 30 and 70% quicker to resume a client connection. Furthermore, Rustls also fared better in sheer bulk performance -- or the speed at which data is transferred over the TLS connection. Birr-Pixton said Rustls could send data 15% faster than OpenSSL, and receive it 5% faster as well.

Joanna Stern, reporting for the Wall Street Journal: One of the biggest findings of my multi-city 5G review tour: The Samsung Galaxy S10 5G isn't reliable in the summer -- unless, well, you summer in Iceland. When I ran tests, the phone's 5G often switched off due to overheating, leaving me with a 4G connection. Cellular carriers demo-ing or testing the phone have taken to cooling the devices with ice packs and air conditioners. The phone does this when the temperature reaches a certain threshold to minimize energy use and optimize battery, a Samsung spokeswoman said. "As 5G technology and the ecosystem evolve, it's only going to get better," she added. But there is good part, too. The report adds: After nearly 120 tests, more than 12 city miles walked and a couple of big blisters, I can report that 5G is fasten-your-seat-belt fast...when you can find it. And you're standing outdoors. And the temperature is just right. As my findings show, 5G is absolutely not ready for you. But like any brand new network technology, it provides a glimpse of the future. "Holy spit!" I said the first time I saw a speed test hit 1,800 megabits per second on Verizon's network in downtown Denver. [...] Don't speak megabits? I downloaded the whole new season of "Stranger Things" from Netflix -- 2.1 gigabytes of video -- in 34 seconds. The same averaged more than an hour on my 4G connections. And I downloaded a huge, 10GB file full of video and images from Google Drive in 2.5 minutes.

Neuralink, the secretive company developing brain-machine interfaces, held a press conference today where it unveiled some of the technology it's been developing to the public for the first time. The first big advance is flexible "threads," which are less likely to damage the brain than the materials currently used in brain-machine interfaces and create the possibility of transferring a higher volume of data.

"The threads are 4 to 6 micrometers in width, which makes them considerably thinner than a human hair," reports The Verge. The other big advance that Neuralink unveiled is a machine that automatically embeds the threads into the brain. From the report: In the future, scientists from Neuralink hope to use a laser beam to get through the skull, rather than drilling holes, they said in interviews with The New York Times. Early experiments will be done with neuroscientists at Stanford University, according to that report. The company aims for human trials as soon as the second quarter of next year, according to The New York Times. The system presented today, if it's functional, may be a substantial advance over older technology. BrainGate relied on the Utah Array, a series of stiff needles that allows for up to 128 electrode channels. Not only is that fewer channels than Neuralink is promising -- meaning less data from the brain is being picked up -- it's also stiffer than Neuralink's threads. That's a problem for long-term functionality: the brain shifts in the skull but the needles of the array don't, leading to damage. The thin polymers Neuralink is using may solve that problem.

However, Neuralink's technology is more difficult to implant than the Utah Array, precisely because it's so flexible. To combat that problem, the company has developed "a neurosurgical robot capable of inserting six threads (192 electrodes) per minute [automatically]," according to the white paper. In photos, it looks something like a cross between a microscope and a sewing machine. It also avoids blood vessels, which may lead to less of an inflammatory response in the brain, the paper says. Finally, the paper says that Neuralink has developed a custom chip that is better able to read, clean up, and amplify signals from the brain. Right now, it can only transmit data via a wired connection (it uses USB-C), but ultimately the goal is to create a system than can work wirelessly. Currently, the company is testing the robot and threads on rats, but it's hoping to actually begin working with human test subjects as early as next year.

Story is developing...

Neuralink, Elon Musk's fourth and least visible company, will become a bit less secretive Tuesday with a livestreamed presentation about its technology to connect computers directly to human brains. From a report: Neuralink accepted applications from some folks to attend the San Francisco event to hear "a bit about what we've been working on the last two years," but the rest of us can tune in online at 8 p.m. PT Tuesday. "Livestream details will be available on our website shortly before event start," Neuralink tweeted Sunday. Neuralink, founded in 2016, is working on a way to let human brains communicate directly with computers. Goals include fast transfer rates and quick responses, but just establishing a connection and figuring out how to exchange useful information presents immense challenges. One possible approach involves an array of flexible probes inserted into the brain with a system resembling a sewing machine, an idea described by researchers reportedly associated with Neuralink. That's a lot cruder than the organically grown nanotechnological neural laces you'll find inside the brains of sci-fi characters, but it's remarkable that the technology is even under discussion.

A security researcher has publicly disclosed new vulnerabilities in the USB dongles (receivers) used by Logitech wireless keyboards, mice, and presentation clickers. New submitter raikoseagle shares a report: The vulnerabilities allow attackers to sniff on keyboard traffic, but also inject keystrokes (even into dongles not connected to a wireless keyboard) and take over the computer to which a dongle has been connected. When encryption is used to protect the connection between the dongle and its paired device, the vulnerabilities also allow attackers to recover the encryption key. Furthermore, if the USB dongle uses a "key blacklist" to prevent the paired device from injecting keystrokes, the vulnerabilities allow the bypassing of this security protection system. Marcus Mengs, the researcher who discovered these vulnerabilities, said he notified Logitech about his findings, and the vendor plans to patch some of the reported issues, but not all.

Some think automated radio emails are mucking up the spectrum reserved for amateur radio, while others say these new offerings provide a useful service. Wave723 writes: Like many amateur radio fans his age, Ron Kolarik, 71, still recalls the "pure magic" of his first ham experience nearly 60 years ago. Lately, though, encrypted messages have begun to infiltrate the amateur bands in ways that he says are antithetical to the spirit of this beloved hobby. So Kolarik filed a petition, RM-11831 [PDF], to the U.S. Federal Communications Commission (FCC) proposing a rule change to "Reduce Interference and Add Transparency to Digital Data Communications." And as the proposal makes its way through the FCC's process, it has stirred up heated debate that goes straight to the heart of what ham radio is, and ought to be. The core questions: Should amateur radio -- and its precious spectrum -- be protected purely as a hobby, or is it a utility that delivers data traffic? Or is it both? And who gets to decide?

Since Kolarik filed his petition in late 2018, this debate has engulfed the ham world. Fierce defenders of both sides have filed passionate letters and comments to the FCC arguing their cases. On one side is Kolarik in Nebraska. In his view, it's all rather simple: "Transparency is a core part of ham radio," he says. "And yet, you can find tons of traffic from automatic[ally controlled digital] stations that are extremely difficult to identify, if you can identify them at all, and they cause interference." The automatically controlled digital stations (ACDS) Kolarik refers to can serve to power services like Winlink, a "global radio email" system. Overseen and operated by licensed volunteers around the globe, Winlink is funded and guided by the Amateur Radio Safety Foundation, Inc. (ARSFI). The service uses amateur and government radio frequencies around the globe to send email messages by radio. Users initiate the transmission through an Internet connection, or go Internet-free and use smart-network radio relays.

On Winlink's website, the service says it provides its licensed users the ability to send email with attachments, plus messages about their positions, and weather and information bulletins. Representatives of the service say it also allows users to participate in emergency and disaster relief communications. But Kolarik's petition argues two points: First, because such messages "are not readily and freely able to be decoded," the FCC should require all digital codes to use protocols that "can be monitored in entirety by third parties with freely available, open-source software." Secondly, he wants the rule change to reduce the interference that he says services like Winlink can create between amateur-to-amateur stations -- by relegating the often-unattended automatic stations to operate solely on narrower sub-bands. Loring Kutchins, the president of ARSFI, says he believes Kolarik's petition is "well intentioned in its basis. But the fundamental conflict is between people who believe amateur radio is about hobby, not about utility. But nowhere do the FCC rules use the word 'hobby.'"

"Windows 10 continues to be a danger zone," writes Forbes senior contributor Gordon Kelly: Not only have problems been piling up in recent weeks, Microsoft has also been worryingly deceptive about the operation of key services. And now the company has warned millions about another problem. Spotted by the always excellent Windows Latest, Microsoft has told tens of millions of Windows 10 users that the latest KB4501375 update may break the platform's Remote Access Connection Manager (RASMAN). And this can have serious repercussions.

The big one is VPNs. RASMAN handles how Windows 10 connects to the internet and it is a core background task for VPN services to function normally. Given the astonishing growth in VPN usage for everything from online privacy and important work tasks to unlocking Netflix and YouTube libraries, this has the potential to impact heavily on how you use your computer. Interestingly, in detailing the issue Microsoft states that it only affects Windows 10 1903 - the latest version of the platform.

The problem is Windows 10 1903 accounts for a conservative total of at least 50M users.
Microsoft estimates they'll have a solution available "in late July," adding that the issue only occurs "when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections." That support page also offers a work-around which involves configuring the default telemetry settings in either the group policy settings or with a registry value.

UPDATE (7/7/2019): ZDNet is strongly criticizing Forbes' article, arguing that the issue affects only a small number of Windows users, "when the diagnostic data level setting is manually configured to the non-default setting of 0." For those who don't understand how unusual that configuration is, note that it applies only to Windows 10 Enterprise and that it can be set only using Group Policy on corporate networks or by manually editing the registry. You can't accidentally enable this setting. And you can't deliberately set it on a system running Windows 10 Home or Pro, because it is for Enterprise edition only.

On Monday, 7-Eleven launched a smartphone payment service for its 20,000 stores in Japan. By Thursday $510,000 had been stolen from the people using it -- as many as 900 customers.

Long-time Slashdot reader shanen shared this follow-up article, which points out that it's also possible that email addresses and birth dates have been accessed from among the new app's 1.5 million registered users: Tsuyoshi Kobayashi, president of Seven Pay Co., told a press conference in Tokyo that the company will compensate users for the losses caused by fraudulent access and that it has already suspended accepting new users or allowing users of the service to add money to its smartphone application. The estimated amount of losses the company announced is as of 6 a.m. Thursday and the damage could expand...

The parent company said someone, who had accessed their accounts and used the registered numbers of their credit or debit cards, purchased items at its convenience stores. The items included packs of cigarettes, which can be easily converted into cash, it said, adding there was a case in which a huge quantity worth 100,000 yen [$921] was purchased all at once at one of its outlets...

According to Seven & i Holdings, some customers reported their losses on Tuesday and unauthorized access from China and other locations outside Japan was confirmed... Police arrested two Chinese men on Thursday in connection with the problem, investigative sources said. They are suspected of illegally using the ID and password of a customer Wednesday in an attempt to buy electric cigarette cartridges worth around 200,000 yen [$1,843] at a 7-Eleven shop in Tokyo.
Nikkei Asian Review reports that one of the suspects "received instructions about gaining unauthorized access to 7pay accounts via WeChat, a popular Chinese messaging app. The Metropolitan Police Department suspects the involvement of an international criminal organization." (Japan Times reports that one man was asked to do "some shopping" after which they would receive "a reward".)

Nikkei Asian Review also notes that the Japanese government has been pushing to to have a least 40% of all payments be cashless by the mid-2020s -- including generous government tax incentives -- which one consumer finance writer says has "overheated" the market, while "the quality of services has declined in some cases."