Hackers stole passwords to access 140,000 payment terminals

- Advertisement -


Hackers gained access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payment giant Wiseasy, a cybersecurity startup told TechCrunch.

- Advertisement -

Wiseasy is a brand you may not have heard of, but it is a popular Android-based payment terminal manufacturer used in restaurants, hotels, retail outlets, and schools throughout the Asia-Pacific region. Through its Wisecloud cloud service, Wiseeasy can remotely manage, configure and update client terminals via the Internet.

- Advertisement -

But Wiseasy employee passwords used to access Wiseasy cloud panels, including an “administrator” account, have been found in a dark web market heavily exploited by cybercriminals, according to the startup.

Youssef Mohamed, chief technology officer of pen-testing and dark web monitoring startup Buguard, told TechCrunch that passwords were stolen by malware on employees’ computers. Mohamed said two cloud-based control panels were opened, but neither was protected by basic security features. like two-factor authenticationand allowed hackers to gain access to nearly 140,000 Wiseasy payment terminals around the world.

- Advertisement -

Payment systems are often targeted by hackers with financial goals in order to obtain credit card numbers to commit fraud.

Buguard said it first contacted Wiseasy about the compromised dashboards in early July, but efforts to uncover the compromise were met with meetings with executives that were later canceled without notice, and according to Mohamed, the company declined to say whether or when there would be cloud dashboards will be removed. secured.

Screenshots of dashboards seen by TechCrunch show an administrator user with remote access to Wiseasy payment terminals, including the ability to lock the device and remotely install and uninstall apps. The dashboard also allowed anyone to view the names, phone numbers, email addresses, and permissions for Wiseasy dashboard users, including the ability to add new users.

Another view of the control panel also shows the Wi-Fi name and unencrypted password of the network to which payment terminals are connected.

Mohamed said that anyone with access to the dashboards can manage Wiseasy payment terminals and make configuration changes.

When TechCrunch contacted Wiseasy CEO Jason Wang, he declined to comment. In a separate email from Wiseasy representative Ocean Ana, the company confirmed that the issues have been fixed and that it has added two-factor authentication to dashboards.

It’s unclear if the company plans to notify its customers of a security breach.


Credit: techcrunch.com /

- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox