Hackers gained access to dashboards that had remotely used to manage and control credit card payment terminals, manufactured by Wiseasy.
The popular Android-based brand is a payment terminal maker, mostly used in cafes, hotels, schools, etc. Using its Wisecloud cloud service, the company can remotely manage, configure and update customer terminals over the internet easily.
Moreover, according to Tech Crunch, Wiseasy’s employee password and its dashboard login details which found on a dark web marketplace; actively used by cybercriminals.
Furthermore, Chief technology officer at Buguard, Youssef Mohamed, told TechCrunch that:
The passwords stolen by malware on employees’ computers; exposing two cloud dashboards that were unprotected by basic security features. This lack of secure protection caused hackers to steal 140,000 Wiseasy payment terminals around the world. Payment systems usually targeted by hackers for the purpose of committing credit card fraud.
In conclusion, the ‘admin user’ available on the dark web allowed anyone to lock the device and remotely install and remove apps. Through the dashboard; they could view personal information like names, phone numbers, email addresses, and access permissions for Wiseasy dashboard users. It also exposed the Wi-Fi name and plaintext password of the network that the payment terminal connected to; allowing anyone to control the payments and configure changes.