Hackers Stole Passwords for Accessing 140,000 Payment Terminals

Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch. From a report: Wiseasy is a brand you might not have heard of, but it's a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across the Asia-Pacific region. Through its Wisecloud cloud service, Wiseasy can remotely manage, configure and update customer terminals over the internet. But Wiseasy employee passwords used for accessing Wiseasy's cloud dashboards -- including an "admin" account -- were found on a dark web marketplace actively used by cybercriminals, according to the startup. Youssef Mohamed, chief technology officer at pen-testing and dark web monitoring startup Buguard, told TechCrunch that the passwords were stolen by malware on the employee's computers. Mohamed said two cloud dashboards were exposed, but neither were protected with basic security features, like two-factor authentication, and allowed hackers to access nearly 140,000 Wiseasy payment terminals around the world.

Wiseasy

[wedontneednobadges]

Wiseasy is perhaps a bit to easy to be wise.

Decision makers should be penalized

[Anonymous Coward]

"Mohamed said two cloud dashboards were exposed, but neither were protected with basic security features, like two-factor authentication, and allowed hackers to access nearly 140,000 Wiseasy payment terminals around the world."

Some person or some group made the decision NOT to implement basic security.

This is where Congress has failed. Every US company should be required to implement TOTP on the perimeter, and remove phone call or IM based 2FA.

Re:Decision makers should be penalized

[fuzzyfuzzyfungus]

I'm not desperately optimistic about the state of a lot of American outfits' security; but I'm not sure why Congress is on the hook for what some fintech bros in Singapore are selling to Asia-pacific customers.

Re:

[DarkRookie2]

Good luck with that. If you did that, the companies couldn't use it to track data.

Re:

[BoogieChile]

Wiseasy is headquartered in Singapore, so I'm not sure how that would help.

Wise-assey? Wizz-easy?

[bustinbrains]

I'm not quite sure how to correctly pronounce this company's name. The name has something to do with either intestinal or bladder issues. Or both. The name of the company seems applicable to the current situation the company finds themselves in.

Hold people responsible & they'll fall in line

[bubblyceiling]

Investigate, assign blame and send the culprits who allowed this to happen to jail. Without any consequences, why should they care? Not like it's their money anyway, in most cases, and likely belongs to some VC fund somewhere

Never assume

[dicobalt]

that you have the luxury of a salt.