Hackers have reportedly stolen thousands of passwords to gain access to dashboards used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments major Wiseasy. The report in TechCrunch quotes a cybersecurity startup, Buguard. Singapore-based Wiseasy is an Android-based payment terminal used by hotels, restaurants and retail outlets across the Asia Pacific region.
“Wiseasy facilitates banks, acquirers, fintech companies, telecom operators and industry solution providers to offer diverse financial services to the wider public in more cost-efficient and convenient ways,” says the company on its website.
How hackers gained access
The hackers were able to gain access into Wiseasy’s systems through employees’ computer passwords that were apparently being stolen by malware. Youssef Mohamed, chief technology officer at Buguard, told TechCrunch that Wiseasy employee passwords used for accessing Wiseasy’s cloud dashboards — including an ‘admin’ account — were found on a dark web marketplace actively used by cybercriminals.
He said that two cloud dashboards were exposed, and claimed that none had even basic security features, like two-factor authentication. This helped hackers to easily break into the company’s payment terminals around the world. Wiseasy claims to have offices in 114 locations around the world.
The Buguard CTO claimed to the website that they did try to inform Wiseasy about the compromised dashboards in early July. However, efforts to disclose the compromise were met with meetings with executives that were later canceled without prior information. He further claimed that the company declined to say if or when the cloud dashboards would be secured.