Wiseasy Employee Credentials Found Online, More than 140,000 POS Terminals Affected
A security researcher has identified Wiseasy admin credentials on the black market. Wiseasy is a manufacturer of financial terminals and payment technology services widely used in the hospitality industry and other domains where card payments are necessary.
Point of sale (POS) devices are often under attack mainly because they deal with credit card transactions, but they also hold personal information of many customers. POS devices remain prime targets for attacks, but the recent Wiseasy incident is different, although it affects the same types of devices.
Security researchers from Buguard discovered that Wiseasy employee credentials, including admin ones, were available online. This would let attackers log in into the Wiseasy cloud platform. Moreover, the cloud dashboard had no extra protection, such as two-factor authentication, which is always needed, especially when dealing with financial and personal information.
According to a TechCrunch report, some of the exposed information included names, phone numbers, email addresses, Wi-Fi names, and much more. In total, attackers would have had direct access to around 144,000 Wiseasy terminals worldwide.
To make matters worse, the security researchers contacted the company but could not get a clear answer. They tried to speak with people at the company, only to have meetings canceled at the last minute. They had even sent screenshots showing the type of access they had.
Following multiple questions and requests for comments, Wiseasy eventually said they enabled two-factor authentication for the dashboards, but it's unclear whether they plan to notify their customers as well.
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022