cyber Cyber Attack

Wiseasy

Oct 25, 2022 1 min read
Wiseasy

Hackers had access to dashboards which is used to remotely manage and control thousands of credit card payment terminals manufactured by digital payments giant Wiseasy.

Wiseasy is a popular Android-based payment terminal maker used in restaurants, hotels, retail outlets and schools across the Asia-Pacific region.

Two cloud dashboards were exposed, but neither were protected with basic security features, like two-factor authentication.

It allowed hackers to access nearly 140,000 Wiseasy payment terminals around the world.

The dashboard also allowed anyone to view names, phone numbers, email addresses and access permissions for Wiseasy dashboard users, including the ability to add new users.

Source: https://techcrunch.com/2022/08/01/wiseasy-android-payment-passwords/?guccounter=1

TPRM report: https://scoringcyber.rankiteo.com/company/wiseasygroup

"id": "wis15171022",
"linkid": "wiseasygroup",
"type": "Cyber Attack",
"date": "08/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'industry': 'Digital Payments',
                        'location': 'Asia-Pacific region',
                        'name': 'Wiseasy',
                        'type': 'Company'}],
 'attack_vector': 'Unsecured Cloud Dashboard',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Phone numbers',
                                                         'Email addresses'],
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Personal Information',
                                              'Access Permissions']},
 'description': 'Hackers had access to dashboards used to remotely manage and '
                'control thousands of credit card payment terminals '
                'manufactured by Wiseasy.',
 'impact': {'data_compromised': ['Names',
                                 'Phone numbers',
                                 'Email addresses',
                                 'Access permissions'],
            'systems_affected': ['Wiseasy payment terminals',
                                 'Cloud dashboards']},
 'initial_access_broker': {'entry_point': 'Unsecured Cloud Dashboard'},
 'post_incident_analysis': {'root_causes': 'Lack of basic security features '
                                           'such as two-factor authentication'},
 'threat_actor': 'Unknown',
 'title': 'Wiseasy Payment Terminal Dashboard Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Lack of basic security features such as '
                            'two-factor authentication'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.