A group of hackers managed to take over 140,000 electronic payment terminals

A group of hackers has taken control of over 140,000 terminals from an American company that develops electronic payment solutions . Wiseasy produces small terminals based on Android. The company’s products are used by hundreds of shops, hotels, bars and even schools,

The terminals in question can be configured remotely, using the Wisecloud platform. In this way, the company can resolve any technical errors, update settings and so on at any time.

In theory, every customer – and therefore every terminal – has a unique password. In practice, some security experts discovered that on the so -called darkweb someone was selling an archive with the passwords of over 140,000 different terminals. Among other things, the archive also included credentials to access accounts with admin powers.

A cybersecurity expert told Tech Crunch magazine that the passwords were likely stolen by infecting an employee’s computer with malware. “The passwords were saved on some dashboards saved in the cloud, without the slightest security measures, such as two-factor authentication, having been taken,” he said.

Thanks to the access credentials, the electronic terminals were in fact the merchandise of hackers, who, remotely, could freely access the personal information of customers, as well as order the suspension of payments or download and remove Android applications at will. It is unclear whether these enormous powers have been successfully exploited to steal money or compromise the security of Wiseasy’s customers.