Skip to main content

Hackers stole passwords from 140,000 payment terminals using malware

An Android-based payment system has been affected by hackers who have been able to infiltrate its database and gain access to 140,000 payment terminals globally, according to TechCrunch.

The brand, Wiseasy, is well known in the Asia-Pacific region, with its payment terminals used in restaurants, hotels, retail outlets, and schools. Its accompanying Wisecloud cloud service is used for remote management and configuration for its customer’s terminals.

The Wiseasy point of sale system on a table.
Image used with permission by copyright holder

Hackers were able to gain access to Wiseasy’s systems through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace, according to cybersecurity firm Buguard, which shared the information with TechCrunch.

Buguard is a penetration testing and dark web monitoring startup that observed the hacking of Wiseasy and noted that the bad actors were able to gain control of two of the company’s cloud dashboards, including an “admin” account. Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication.

The publication was able to view screenshots of Wiseasy’s “admin” user account, which shows how the service can control payment terminals remotely, have access to various user data, and have configuration control, such as being able to add users, seeing Wi-Fi names, and plaintext passwords of connected payment terminals. Access in the wrong hands can easily cause such a situation.

Buguard also said its attempts to warn Wiseasy of the security issue began in early July, but the scheduled meetings ended up getting canceled and were never held. At this point, Buguard chief technology officer Youssef Mohamed says he’s unable to say whether the breach has been resolved. However, a Wiseasy spokesperson, Ocean An, told TechCrunch that the company had fixed the issue in-house and added two-factor authentication to its systems.

It remains unknown whether Wiseasy will directly tell customers about this hack, however.

Many cyber-security issues have to do with hackers working to take over control of various programs or services from the back end. A recently resolved zero-day vulnerability was Follina (CVE-2022-30190), which granted hackers access to the Microsoft Support Diagnostic Tool (MSDT).

This tool is commonly associated with Microsoft Office and Microsoft Word. Hackers were able to exploit it to gain access to a computer’s back end, granting them permission to install programs, create new user accounts, and manipulate data on a device.

Early accounts of the vulnerability’s existence were remedied with workarounds. However, Microsoft stepped in with a permanent software fix once hackers began to use the information, they gathered to target the Tibetan diaspora and U.S. and E.U. government agencies.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Best router deals: Save on mesh networks and Wi-Fi 6 routers
The Netgear Nighthawk AXE11000 Tri-Band Wi-Fi 6E Router on a table.

Strangely enough, routers have had a huge technological bump in the last few years due to the number of devices that need to be connected to the internet. That's one of the main aspects of the new Wi-Fi 6, a standard that not only increases speeds and quality of the connection but addresses the issue with ten devices or more needing to connect to the internet constantly without impacting quality. To that end, if you haven't upgraded your router or mesh network in three to five or more years but are increasingly buying more smart-home products, grabbing a modern router with the latest technology is probably a good idea.

Best Router Deals

Read more
Intel says AMD’s Ryzen 7000 is snake oil
AMD CEO Lisa Su holding an APU chip.

In what is one of the most bizarrely aggressive pieces of marketing material I've seen, Intel is comparing AMD's Ryzen 7000 mobile chips to snake oil. Over the weekend, Intel posted its Core Truths playbook, which lays out how AMD's mobile processor naming scheme misleads customers.

There's an element of truth to that, which I'll get to in a moment, but first, the playbook. Intel starts with claiming that there's a "long history of selling half-truths to unsuspecting customers" alongside images of a snake oil salesman and a suspicious used car seller. This sets up a comparison between the Ryzen 5 7520U and the Core i5-1335U. Intel's chip is 83% faster, according to the presentation, due to the older architecture that AMD's part uses.

Read more
Don’t miss these deals on the Meta Quest 2 and Meta Quest Pro
A model poses with a Meta Quest Pro over a colorful background.

Meta isn’t just the parent company of Facebook, it’s also become a pioneer in the new wave of virtual reality. It has a lineup of virtual reality headsets to shop, and a couple of them are seeing deals today. Both the Meta Quest 2 and the Meta Quest Pro have their price dropped at Best Buy, with the more affordable Quest 2 seeing a sale price of $250 and the high-end Quest Pro discounted to $924. Best Buy is including free shipping with a purchase of either VR headset.
Meta Quest 2 VR headset — $250, was $300

The Meta Quest 2 isn’t the newest Meta Quest on the market, but it holds up really well when it comes to offering an immersive virtual experience. It has a super fast process and a high resolution display, both of which manage to handle the strains of virtual reality processing. The experience remains seamless and smooth even with more current software. If you want something brand new, the Meta Quest 3 is on the market, but both the Meta Quest 3 and Quest 2 offer total immersion with 3D positional audio, hand tracking, and haptic feedback that makes virtual worlds feel real. With the Meta Quest 2 you can explore more than 250 software titles across categories like gaming, fitness, socials and entertainment.

Read more