Dashboards made by Wiseasy that were used to remotely oversee and operate credit card payment terminals were compromised by hackers. The well-known Android-based company manufactures payment terminals, which are primarily used in cafés, hotels, schools, etc.
The business can simply remotely manage, configure, and update customer terminals over the internet using its Wisecloud cloud service. The Wiseasy dashboard login information and employee password were discovered on a dark web marketplace frequented by thieves.
Youssef Mohamed, the chief technology officer at Buguard, revealed that the passwords were taken by malware on staff members’ PCs, exposing two cloud dashboards that lacked fundamental security protections.
Because of this breach of security, hackers were able to steal 140,000 Wiseasy payment terminals from all across the world. Hackers frequently target payment systems in order to steal credit card information.
Anyone with access to the dark web’s “admin user” could lock the device and remotely add and uninstall apps. They could view personal data including names, phone numbers, and email addresses as well as access rights for Wiseasy dashboard users through the dashboard.
In addition, it revealed the network’s Wi-Fi name and plaintext password to which the payment terminal was linked, giving anyone access to manage payments and modify changes.