Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy.
Wiseasy is a well-known Android-based payment terminal manufacturer that is used in restaurants, hotels, retail outlets, and schools throughout the Asia-Pacific region. Wiseeasy’s Wisecloud cloud service allows it to remotely manage, configure, and update customer terminals via the internet. Youssef Mohamed, chief technology officer at pen-testing and dark web monitoring startup Buguard, told TechCrunch that malware on the employees’ computers stole the passwords. According to Mohamed, two cloud dashboards were exposed, but neither was protected with basic security features such as two-factor authentication, allowing hackers to access nearly 140,000 Wiseasy payment terminals worldwide. Financially motivated hackers frequently target payment systems with the goal of skimming credit card numbers and committing fraud.