Skip to main content
  1. Home
  2. Computing
  3. News

Hackers stole passwords from 140,000 payment terminals using malware

Fionna Agomuoh
By

An Android-based payment system has been affected by hackers who have been able to infiltrate its database and gain access to 140,000 payment terminals globally, according to TechCrunch.

The brand, Wiseasy, is well known in the Asia-Pacific region, with its payment terminals used in restaurants, hotels, retail outlets, and schools. Its accompanying Wisecloud cloud service is used for remote management and configuration for its customer’s terminals.

The Wiseasy point of sale system on a table.
Image used with permission by copyright holder

Hackers were able to gain access to Wiseasy’s systems through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace, according to cybersecurity firm Buguard, which shared the information with TechCrunch.

Recommended Videos

Buguard is a penetration testing and dark web monitoring startup that observed the hacking of Wiseasy and noted that the bad actors were able to gain control of two of the company’s cloud dashboards, including an “admin” account. Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication.

Related

The publication was able to view screenshots of Wiseasy’s “admin” user account, which shows how the service can control payment terminals remotely, have access to various user data, and have configuration control, such as being able to add users, seeing Wi-Fi names, and plaintext passwords of connected payment terminals. Access in the wrong hands can easily cause such a situation.

Buguard also said its attempts to warn Wiseasy of the security issue began in early July, but the scheduled meetings ended up getting canceled and were never held. At this point, Buguard chief technology officer Youssef Mohamed says he’s unable to say whether the breach has been resolved. However, a Wiseasy spokesperson, Ocean An, told TechCrunch that the company had fixed the issue in-house and added two-factor authentication to its systems.

It remains unknown whether Wiseasy will directly tell customers about this hack, however.

Many cyber-security issues have to do with hackers working to take over control of various programs or services from the back end. A recently resolved zero-day vulnerability was Follina (CVE-2022-30190), which granted hackers access to the Microsoft Support Diagnostic Tool (MSDT).

This tool is commonly associated with Microsoft Office and Microsoft Word. Hackers were able to exploit it to gain access to a computer’s back end, granting them permission to install programs, create new user accounts, and manipulate data on a device.

Early accounts of the vulnerability’s existence were remedied with workarounds. However, Microsoft stepped in with a permanent software fix once hackers began to use the information, they gathered to target the Tibetan diaspora and U.S. and E.U. government agencies.

Editors' Recommendations

Topics
Fionna Agomuoh
Fionna Agomuoh
Computing Writer
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
4 CPUs you should buy instead of the Ryzen 7 7800X3D
AMD Ryzen 7 7800X3D sitting on a motherboard.

The Ryzen 7 7800X3D is one of the best gaming processors you can buy, and it's easy to see why. It's easily the fastest gaming CPU on the market, it's reasonably priced, and it's available on a platform that AMD says it will support for several years. But it's not the right chip for everyone.

Although the Ryzen 7 7800X3D ticks all the right boxes, there are several alternatives available. Some are cheaper while still offering great performance, while others are more powerful in applications outside of gaming. The Ryzen 7 7800X3D is a great CPU, but if you want to do a little more shopping, these are the other processors you should consider.
AMD Ryzen 7 5800X3D

Read more
Even the new mid-tier Snapdragon X Plus beats Apple’s M3
A photo of the Snapdragon X Plus CPU in the die

You might have already heard of the Snapdragon X Elite, the upcoming chips from Qualcomm that everyone's excited about. They're not out yet, but Qualcomm is already announcing another configuration to live alongside it: the Snapdragon X Plus.

The Snapdragon X Plus is pretty similar to the flagship Snapdragon X Elite in terms of everyday performance but, as a new chip tier, aims to bring AI capabilities to a wider portfolio of ARM-powered laptops. To be clear, though, this one is a step down from the flagship Snapdragon X Elite, in the same way that an Intel Core Ultra 7 is a step down from Core Ultra 9.

Read more
Gigabyte just confirmed AMD’s Ryzen 9000 CPUs
Pads on the AMD Ryzen 7 7800X3D.

Gigabyte spoiled AMD's surprise a bit by confirming the company's next-gen CPUs. In a press release announcing a new BIOS for X670, B650, and A620 motherboards, Gigabyte not only confirmed that support has been added for next-gen AMD CPUs, but specifically referred to them as "AMD Ryzen 9000 series processors."

We've already seen MSI and Asus add support for next-gen AMD CPUs through BIOS updates, but neither of them called the CPUs Ryzen 9000. They didn't put out a dedicated press release for the updates, either. It should go without saying, but we don't often see a press release for new BIOS versions, suggesting Gigabyte wanted to make a splash with its support.

Read more