KEY POINTS

  • Cybersecurity startup Buguard found Wiseasy employee passwords on a dark web marketplace
  • The watchdog said hackers used the passwords to access 140,000 payment terminals
  • Wiseasy said it has since fixed the cloud dashboard issues

Hackers stole Wiseasy employee passwords and used them to access about 140,000 payment terminals managed by the digital payments service provider, a cybersecurity startup revealed. The company reportedly declined to confirm when the affected cloud dashboards would be secured.

Speaking with TechCrunch, Youssef Mohamed, the chief technology officer at dark web monitoring startup Buguard, said employee passwords that were used to access Wiseasy’s cloud dashboards were detected on a dark web marketplace. Wiseasy is an Asia-Pacific payment terminal maker whose devices are used in industries such as hotels, retail, restaurants, and schools. The digital payments platform uses the Wisecloud cloud service to remotely manage and update customer terminals online.

Mohamed told TechCrunch that two Wiseasy cloud dashboards were exposed, allowing cybercriminals to steal passwords from employees’ computers. He added that the exposed dashboards did not have basic security features, the outlet reported Monday.

The cybersecurity startup, which also provides a penetration testing service, further revealed that it informed Wiseasy about the dashboard issue early last month, but the meetings with Wiseasy executives were canceled without notice. Mohamed said the company did not say when the dashboards would be stabilized and secured.

Wiseasy spokesperson Ocean An told TechCrunch that the cloud dashboard problems have since been addressed and two-factor authentication features have been added to the compromised dashboards. It is unclear whether Wiseasy will notify its users about the security lapse that exposed employee passwords to cybercriminals.

The recent theft of Wiseasy employee passwords is just one of several cybersecurity crimes this year, including the hacking of valuable data from Samsung, Ubisoft and Nvidia by digital extortion gang Lapsus$.

Earlier this year, global malware vulnerability detection firm Sansec revealed that more than 350 e-commerce websites were affected by a credit card skimmer installed by hackers to steal buyer data. The Sansec Threat Research report found that the skimmer makes infected websites run malicious code that sends payment card details to hacker-controlled servers.

An April research report by Kaspersky found that 52% of Southeast Asian respondents admitted they had lost money to credit card fraud, and some to bank account fraud. The report further revealed that 45% of respondents lost money through ransomware attacks, and 47% lost money due to data hacking.

The Kaspersky report also noted that 97% of respondents were aware of at least one type of cybersecurity threat on digital payment platforms.
