140,000 Payment Terminals were Hacked Using Malware

Recently, an android-based payment system, Wiseasy, was hacked by some unknown hackers, and they were able to infiltrate 140,000 payment terminals, putting the privacy of millions of users in jeopardy.

Wiseasy is usually used in restaurants and hotels in the Asia-Pacific region, and it’s not very effective in terms of security and precision. That is why it is not preferred in western countries. Mostly cheap hotel owners use their service to save some dimes, but it has backfired.

Wiseasy uses Wisecloud to manage and configure its customers’ credit card terminal structures. Somehow, hackers got their hands on the login information of one of the employees of Wisecloud. Using that login information, the hackers manipulated the users’ credit card information, and that’s when the Buguard jumped in.

Buguard is a dark web threat penetrating startup that surfs around dark webs looking for potential threats to any tech companies and tries to protect the masses from being harmed by hackers. Buguard noticed that the ‘admin’ login id and password of Wiseasy were being sold on the dark web for cybercriminals to access the Wiseasy cloud system.

Buguard claims they had priority informed Wiseasy about the suspicious activities about their payment terminal, but those threats were ignored. Buguard suggested Wiseasy have a two-factor authentication process, but the payment service failed to at upon that advice.

The screenshots of hackers’ access were shown to a publication, which depicts that the hackers had access to various user data and had configuration control, such as adding users, seeing Wi-Fi names, and plaintext passwords of connected payment terminals.

In order to solve this blunder, there was supposed to be a meeting of Buguard and Wiseasy CEO as they both agreed to collaborate and try to stop any further damage. But Wiseasy cancelled the meeting without any notice and claimed that they have been able to solve the problem in-house and have set up a two-factor authentication process, and the future threats are insured.

Buguard said they are not sure if Wiseasy claims are valid and when they plan to disclose the issue to their users. This is worrying behaviour from a company directly responsible for taking care of our money, and it’s inevitable that hackers will try to attack Wisecloud again as they have gained direct access once. Hackers might have made some secret backdoor in the cloud for their future access, and we can only hope that the Wiseasy claims are accurate and that they have been able to secure everything.