Hackers stole passwords from 140,000 payment terminals using malware

An Android-based payment system has been affected by hackers who have been able to infiltrate its database and gain access to 140,00 payment terminals globally, according to TechCrunch.

The brand, Wiseasy, is well known in the Asia-Pacific region, with its payment terminals used in restaurants, hotels, retail outlets, and schools. Its accompanying Wisecloud cloud service is used for remote management and configuration for its customer’s terminals.

Hackers were able to gain access to Wiseasy’s systems through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace, Buguard chief technology officer Youssef Mohamed told TechCrunch.

Buguard is a penetration testing and dark web monitoring startup that observed the hacking of Wiseasy and noted that the bad actors were able to gain control of two of the company’s cloud dashboards, including an “admin” account. Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication.

The publication was able to view screenshots of Wiseasy’s “admin” user account, which shows how the service can control payment terminals remotely, have access to various user data, and have configuration control, such as being able to add users, seeing Wi-Fi names, and plaintext passwords of connected payment terminals. Access in the wrong hands can easily cause such a situation.

Buguard also said its attempts to collaborate with Wiseasy in early July to address the issue were met with canceled meetings. At this point, Mohamed is unable to say whether the breach has been resolved. However, a Wiseasy spokesperson, Ocean An, told TechCrunch that the company had fixed the issue in-house and added two-factor authentication to its systems.

It remains unknown whether Wiseasy will directly tell customers about this hack, according to TechCrunch.

Many cyber-security issues have to do with hackers working to take over control of various programs or services from the back end. A recently resolved zero-day vulnerability was Follina (CVE-2022-30190), which granted hackers access to the Microsoft Support Diagnostic Tool (MSDT).

This tool is commonly associated with Microsoft Office and Microsoft Word. Hackers were able to exploit it to gain access to a computer’s back end, granting them permission to install programs, create new user accounts, and manipulate data on a device.

Early accounts of the vulnerability’s existence were remedied with workarounds. However, Microsoft stepped in with a permanent software fix once hackers began to use the information, they gathered to target the Tibetan diaspora and U.S. and E.U. government agencies.

Related posts

Latest posts

Samsung’s most mysterious Galaxy S25 model is still being spotted

We're days away from Samsung's Galaxy Unpacked event, and there's a mysterious Galaxy S25 model that's still being spotted ahead of the show.

This tiny sensor could be the future of smartphone photography

As smartphone cameras get better and better, what does the next generation of camera tech look like? This company hopes its holographic sensor has the answer.

Apple admits this Apple Intelligence feature still needs a lot of work

Apple has made some changes to its notification summaries in Apple Intelligence, in the wake of errors being pointed out by testers.

The incredible OnePlus 12 has a $100 discount today

The OnePlus 12 is a great alternative to iPhone and Samsung Galaxy devices, and today, both the 256GB and 512GB options are $100 off!

At last, phones with massive batteries are coming

Redmi is reportedly prepping a 7,500 mAh battery for its next budget phone. The tech is already out there, and it doesn't take a toll on the charging pace.

These accessories truly leveled up my OnePlus 13 experience

OnePlus' official premium magnetic cases and the new fast wireless charger made me fall in love with the OnePlus 13 even more.

Nvidia’s RTX 5090 struggles to run Cyberpunk 2077 at 30 fps

Not even Nvidia's best graphics card can handle Cyberpunk 2077 at max settings without frame generation.

It’s official — TikTok can be banned in the U.S.

The U.S. Supreme Court has reached a unanimous decision that TikTok either needs to be banned or sold in the U.S.

This Android 16 feature will change how you multitask forever

In Android 16, we could see a slick change to the split-screen tool for tablets and foldable phones.

We’re already getting hints about cool Galaxy S26 tech

Next year's Samsung Galaxy S26 could have better battery life than any phone that has come before, thanks to a new type of battery technology.