The dashboard used to remotely manage and control thousands of credit card payment terminals was accessed by hackers, according to a cybersecurity startup.
You might not know that Wiseasy is a brand that is used in restaurants, hotels, retail outlets and schools in the Asia-Pacific region. Through its cloud service, Wiseeasy can remotely manage customer terminals.
Wiseasy employee passwords were found on a dark web marketplace that was used by criminals.
According to the chief technology officer at Buguard, the passwords were stolen from an employee's computer. Two cloud dashboards were exposed, but neither were protected with basic security features, like two-factor authentication, which allowed hackers to access over 100,000 Wiseasy payment terminals around the world.
The aim of skimming credit card numbers is to commit fraud.
Buguard said it first contacted Wiseasy about the compromised dashboards in early July, but efforts to disclose the compromise were met with meetings with executives that were later canceled without warning.
Screenshots of the dashboard show a user with remote access to Wiseasy payment terminals and the ability to lock the device and uninstall apps. The Wiseasy dashboard gave anyone the ability to view names, phone numbers, email addresses, and access permission for users.
The name and password of the network that payment terminals are connected to is shown in another dashboard view.
Anyone with access to the dashboard can change the configuration of Wiseasy payment terminals.
The chief executive of Wiseasy wouldn't comment when contacted by the website. In a separate email from Ocean An, the company confirmed that the issues were fixed and that it had added two-factor verification to the dashboards.
The company doesn't know if it will notify its customers of the security lapse.
A payments provider for paying court fines and utility bills exposed years of transactions
All Rights Reserved © 2024
