Hackers stole passwords for accessing 140,000 payment terminals

2022-08-01

Zack Whittaker

Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch.

Wiseasy is a brand you might not have heard of, but it's a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across the Asia-Pacific region. Through its Wisecloud cloud service, Wiseasy can remotely manage, configure and update customer terminals over the internet.

But Wiseasy employee passwords used for accessing Wiseasy's cloud dashboards — including an "admin" account — were found on a dark web marketplace actively used by cybercriminals, according to the startup.

Youssef Mohamed, chief technology officer at pen-testing and dark web monitoring startup Buguard, told TechCrunch that the passwords were stolen by malware on the employees' computers. Mohamed said two cloud dashboards were exposed, that neither was protected with basic security features, like two-factor authentication, and that they allowed hackers to access nearly 140,000 Wiseasy payment terminals around the world.

Payment systems are frequently targeted by financially-driven hackers with the aim of skimming credit card numbers for committing fraud.

Buguard said it first contacted Wiseasy about the compromised dashboards in early July, but its efforts to disclose the compromise were met with meetings with executives that were later canceled without warning. According to Mohamed, the company declined to say if or when the cloud dashboards would be secured.

Screenshots of the dashboards seen by TechCrunch show an "admin" user with remote access to Wiseasy payment terminals, including the ability to lock the device and remotely install and remove apps. The dashboard also allowed anyone to view names, phone numbers, email addresses, and access permissions for Wiseasy dashboard users, including the ability to add new users.

Another dashboard view also shows the Wi-Fi name and plaintext password of the network that payment terminals are connected to.

Mohamed said anyone with access to the dashboards could control Wiseasy payment terminals and make configuration changes.

When reached by TechCrunch, Wiseasy chief executive Jason Wang would not comment. In a separate email from Wiseasy spokesperson Ocean An, the company confirmed that the issues were remediated and that it had added two-factor authentication to the dashboards.

It's not clear if the company plans to notify its customers of the security lapse.
