• Cybersecurity startup Buguard found Wiseasy employee passwords on a dark web marketplace
  • The watchdog said hackers used the passwords to access 140,000 payment terminals
  • Wiseasy said it has since fixed the cloud dashboard issues

Hackers stole employee passwords of Wiseasy to access about 140,000 payment terminals on the digital payments service provider, a cybersecurity startup revealed. The platform reportedly declined to confirm when the cyberattacked cloud dashboards will be secured.

Speaking with TechCrunch, Youssef Mohamed, the chief technology officer at dark web monitoring startup Buguard, said employee passwords that were used to access Wiseasy’s cloud dashboards were detected on a dark web marketplace. Wiseasy is an Asia-Pacific terminal maker that users utilize in various industries such as hotels, retailers, restaurants, and schools. The digital payments platform uses a Wisecloud cloud service to remotely manage and update customer terminals online.

Mohamed told TechCrunch that two Wiseasy cloud dashboards were exposed, allowing cybercriminals to steal passwords from the employee’s computers. He added that the exposed dashboards did not have basic security features, the outlet reported Monday.

The cybersecurity startup, which also provides a penetration testing service, further revealed that it informed Wiseasy about the dashboard issue early last month, but the meetings with Wiseasy executives were canceled without notice. Mohamed said the company did not say when the dashboards will be stabilized and secured.

Wiseasy spokesperson Ocean An told TechCrunch that the cloud dashboard problems have since been addressed and two-factor authentication features have been added to the compromised dashboards. It is unclear whether Wiseasy will notify its users about the security lapse that exposed employee passwords to cybercriminals.

The recent hacking of Wiseasy employee passwords is just one among several other cybersecurity crimes this year, including the hacking of valuable data from Samsung, Ubisoft and Nvidia by digital extortion gang Lapsus$.

Earlier this year, global malware vulnerability detection firm Sansec revealed that more than 350 e-commerce websites were affected by a credit card skimmer installed by hackers to steal buyer data. In the Sansec Threat Research report, it was found that the cybercriminal-installed skimmer allows infected websites to run a malicious code which will then send payment card detail information to hacker-controlled servers.

In an April research report by Kaspersky, it was found that 52% of Southeast Asia respondents admitted they’ve lost money due to credit card fraud and some by bank account fraud. The report further revealed that 45% of respondents lost money through ransomware attacks, and 47% lost money due to data hacking.

The Kaspersky report also noted that 97% of respondents were aware of at least one type of cybersecurity threat on digital payment platforms.

The Kaspi app has become a key smartphone tool for digital payments and e-commerce
Wiseasy utilizes Wisecloud cloud service to remotely manage and update customer terminals online. AFP / Ruslan PRYANIKOV