Hackers had access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy, a cybersecurity startup told TechCrunch.
Wiseasy is a brand you might not have heard of, but it’s a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across the Asia-Pacific region. Through its Wisecloud cloud service, Wiseeasy can remotely manage, configure and update customer terminals over the internet.
But Wiseasy employee passwords used for accessing Wiseasy’s cloud dashboards — including an “admin” account — were found on a dark web marketplace actively used by cybercriminals, according to the startup.
Youssef Mohamed, chief technology officer at pen-testing and dark web monitoring startup Buguard, told TechCrunch that the passwords were stolen by malware on the employee’s computers. Mohamed said two cloud dashboards were exposed, but neither were protected with basic security features, like two-factor authentication, and allowed hackers to access nearly 140,000 Wiseasy payment terminals around the world.