Passwords to dashboards of 140,000 payment terminals hacked

A cybersecurity startup recently reported that hackers gained access to Wiseasy’s credit card payment terminals. According to reports, these hackers could access the dashboards used to remotely manage and control these digital payment terminals. 

Wiseasy is a brand that creates Android-based payment terminal used in restaurants, hotels, retail outlets and schools across the Asia Pacific region. Wiseasy can remotely manage, configure and update customer terminals on the web through its Wisecloud cloud service. 

However, Wiseasy employees’ cloud dashboard passwords were found on a dark web marketplace recently. Threat actors and cyber criminals actively use this marketplace. 

The chief technology officer, Youssef Mohamed of the startup who reported the incident, mentioned that the passwords were stolen by malware on the employee’s computers. He asserted that two cloud dashboards were exposed. Neither of the two dashboards had basic security engraved into them. It wasn’t properly protected and features like two-factor authentication couldn’t be seen. This allowed hackers to access nearly 140,000 Wiseasy payment terminals all across the world. 

Financially driven hackers often target payment terminals with the aim of skimming credit card numbers for committing fraud. 

Mohamed also started that anyone with access to the dashboards can alter configuration in the payment terminals. 

According to latest reports, Wiseasy stated that they had remediated the issue and added two-factor authentication to its dashboards.