Hackers gained access to dashboards that had been remotely used to manage and control credit card payment terminals, manufactured by Wiseasy.
The popular Android-based brand is a payment terminal maker, mostly used in cafes, hotels, schools, etc. Using its Wisecloud cloud service, the company can remotely manage, configure and update customer terminals over the internet easily.
According to Tech Crunch, Wiseasy's employee password and its dashboard login details were found on a dark web marketplace being actively used by cybercriminals.
Chief technology officer at Buguard, Youssef Mohamed, told TechCrunch that the passwords were stolen by malware on employees' computers, exposing two cloud dashboards that were unprotected by basic security features. This lack of secure protection caused hackers to steal 140,000 Wiseasy payment terminals around the world. Payment systems are usually targeted by hackers for the purpose of committing credit card fraud.
The 'admin user' available on the dark web allowed anyone to lock the device and remotely install and remove apps. Through the dashboard, they could view personal information like names, phone numbers, email addresses, and access permissions for Wiseasy dashboard users. It also exposed the Wi-Fi name and plaintext password of the network that the payment terminal was connected to, allowing anyone to control the payments and configure changes.
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ