Point-of-Sale System Bought On eBay Yields Treasure Trove of Private Data 68
jfruh writes: Point-of-sale systems aren't cheap, so it's not unusual for smaller merchants to buy used terminals second-hand. An HP security researcher bought one such unit on eBay to see what a used POS system will get you, and what he found was disturbing: default passwords, a security flaw, and names, addresses, and social security numbers of employees of the terminal's previous owner.
Re:I hope this surprises no one,.. (Score:5, Informative)
Restaurant fails to pay the lease.
Landlord slaps a new lock on the door.
Equipment is sold to a restaurant supply reclamation company, of which any city of any size has.
Supply company puts their crap on eBay.
Re:SSN on POS? (Score:5, Informative)
An excellent question.
I'm betting this POS machine was basically a full-blown PC hooked up to a cash drawer. It seems to be a popular setup with small businesses (I'm guessing actual cash registers cost a lot - and they're certainly not as versatile).
A hardware store and a couple car parts stores near my house have this setup. The car parts stores use them for parts info lookup as well. Maybe this machine was also holding the HR files.
Re:SSN on POS? (Score:4, Informative)
Full-featured POS systems can handle things like payroll, invoicing, inventory/food ordering, bill payment, appointment reminders for customers, etc.
Yep. They're called Integrated Payment Platforms or Integrated Payment Systems and they're all the rage right now.