Skip to main content

Hackers stole passwords from 140,000 payment terminals using malware

An Android-based payment system has been affected by hackers who have been able to infiltrate its database and gain access to 140,000 payment terminals globally, according to TechCrunch.

The brand, Wiseasy, is well known in the Asia-Pacific region, with its payment terminals used in restaurants, hotels, retail outlets, and schools. Its accompanying Wisecloud cloud service is used for remote management and configuration for its customer’s terminals.

The Wiseasy point of sale system on a table.

Hackers were able to gain access to Wiseasy’s systems through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace, according to cybersecurity firm Buguard, which shared the information with TechCrunch.

Buguard is a penetration testing and dark web monitoring startup that observed the hacking of Wiseasy and noted that the bad actors were able to gain control of two of the company’s cloud dashboards, including an “admin” account. Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication.

The publication was able to view screenshots of Wiseasy’s “admin” user account, which shows how the service can control payment terminals remotely, have access to various user data, and have configuration control, such as being able to add users, seeing Wi-Fi names, and plaintext passwords of connected payment terminals. Access in the wrong hands can easily cause such a situation.

Buguard also said its attempts to warn Wiseasy of the security issue began in early July, but the scheduled meetings ended up getting canceled and were never held. At this point, Buguard chief technology officer Youssef Mohamed says he’s unable to say whether the breach has been resolved. However, a Wiseasy spokesperson, Ocean An, told TechCrunch that the company had fixed the issue in-house and added two-factor authentication to its systems.

It remains unknown whether Wiseasy will directly tell customers about this hack, however.

Many cyber-security issues have to do with hackers working to take over control of various programs or services from the back end. A recently resolved zero-day vulnerability was Follina (CVE-2022-30190), which granted hackers access to the Microsoft Support Diagnostic Tool (MSDT).

This tool is commonly associated with Microsoft Office and Microsoft Word. Hackers were able to exploit it to gain access to a computer’s back end, granting them permission to install programs, create new user accounts, and manipulate data on a device.

Early accounts of the vulnerability’s existence were remedied with workarounds. However, Microsoft stepped in with a permanent software fix once hackers began to use the information, they gathered to target the Tibetan diaspora and U.S. and E.U. government agencies.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
How to clean a laptop fan
Cleaning a laptop fan with air blower.

Let's face it: Laptops get dirty. That's true on the exterior, where sweat and grime can accumulate. The good thing is, is that it's obvious when a proper cleaning is in order. But what about inside a laptop? That gets dirty as well, as a laptop's thermal system works to pull air in to keep things cooled down. Inevitably, dust and other particles get sucked inside and accumulate around the fans.

Read more
WWDC 2023 rumors: Reality Pro headset, new Macs, and more
Tim Cook at WWDC 2022.

Apple has announced its Worldwide Developers Conference (WWDC) will begin on June 5, 2023. This blockbuster show is one of the largest Apple events of the year, and it looks like this year's WWDC is going to be packed to the gills with new devices, operating system updates, and all-around tech goodness.

There's not long until we find out what Apple will unveil. And given that rumors have pointed to a brand-new mixed-reality headset and the first-ever 15-inch MacBook Air, among other products, it could be one of the most momentous events in Apple's recent history. If you're wondering what else is in the cards, you're in the right place. Let's see what’s next on Apple’s 2023 calendar
Reality Pro mixed-reality headset

Read more
Microsoft Teams is getting new AI tools — and they’re free
microsoft teams communities update builds on easy collaboration

Microsoft recently announced a major update to its communities and GroupMe features on its free Teams app. In addition to more features that mirror a platform like Discord, Teams now supports AI-generated images in Communities, à la Midjourney.

The Communities feature has been a breakout hit for Microsoft Teams since its introduction in December 2022, and has been available for Microsoft 365 Personal and Family plans, along with Teams Essentials accounts. Since then, many people have found the feature beneficial for local collaboration such as sharing projects, exchanging ideas, and pooling resources. According to user feedback, the feature allows people to stay connected before, during, and after gatherings, Microsoft said.

Read more