1 min read

Wiseasy Employee Credentials Found Online, More than 140,000 POS Terminals Affected

Silviu STAHIE

August 03, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Wiseasy Employee Credentials Found Online, More than 140,000 POS Terminals Affected

A security researcher has identified Wiseasy admin credentials on the black market. Wiseasy is a manufacturer of financial terminals and payment technology services widely used in the hospitality industry and other domains where card payments are necessary.

Point of sale (POS) devices are often under attack mainly because they deal with credit card transactions, but they also hold personal information of many customers. POS devices remain prime targets for attacks, but the recent Wiseasy incident is different, although it affects the same types of devices.

Security researchers from Buguard discovered that Wiseasy employee credentials, including admin ones, were available online. This would let attackers log in into the Wiseasy cloud platform. Moreover, the cloud dashboard had no extra protection, such as two-factor authentication, which is always needed, especially when dealing with financial and personal information.

According to a TechCrunch report, some of the exposed information included names, phone numbers, email addresses, Wi-Fi names, and much more. In total, attackers would have had direct access to around 144,000 Wiseasy terminals worldwide.

To make matters worse, the security researchers contacted the company but could not get a clear answer. They tried to speak with people at the company, only to have meetings canceled at the last minute. They had even sent screenshots showing the type of access they had.

Following multiple questions and requests for comments, Wiseasy eventually said they enabled two-factor authentication for the dashboards, but it's unclear whether they plan to notify their customers as well.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

German Police Arrest Three People Accused of Running Massive Phishing Campaign German Police Arrest Three People Accused of Running Massive Phishing Campaign
Silviu STAHIE

October 03, 2022

1 min read
Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read
Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials
Silviu STAHIE

September 30, 2022

1 min read