HackRead
Avanti Markets’ kiosks hacked; credit card, biometric data stolen

July 11th, 2017, by Jahanzaib Hassan

The self-service kiosks of Avanti Markets were recently hacked, with criminals stealing customer information that included credit card numbers, customers’ first and last names, and certain biometric information.

Avanti Markets

Avanti Markets is one of the largest suppliers of self-service kiosks that corporate employees use to pay for snacks and victuals in the office breakroom. The machines use customers’ credit cards and fingerprints to authorize transactions.


Breach results in compromising a million accounts

According to Avanti Markets, approximately 1.6 million customers became victims of the breach. Avanti Markets also stated in a blog post that the breach took place on the 4th of July, but that the company learned about the incident only this week. Subsequently, a notice of data breach was published on its website.

The hackers apparently injected malware into the network of the company’s system. Avanti Markets stated that not all of the machines are configured in the same way, and therefore some customers’ accounts might have been breached while others may not have been affected at all.

Service shut down as a result of the breach

Avanti Markets decided to turn off all of their networks after the breach and stated that it is working with experts to fix the problem. Essentially, it said that steps are being taken to minimize the risk of further data breaches.

However, according to a report, half of the kiosks do not use P2PE, which is short for point-to-point encryption. P2PE is a method of encrypting customer information so that incidents like these can be avoided.

PoSeidon

Last Thursday, a law firm reported that the kiosk in its premises was not accepting credit cards. A researcher from RiskAnalytics, Noah Dunker, subsequently wrote about the incident on his blog on the 4th of July.

He stated that the machine had been breached by malware called PoSeidon, which was transferring credit card information from the machine to the attackers. PoSeidon is the name of a family of malicious programs that target computerized point-of-sale systems.

Also, the blog mentioned that along with the primary vendor, small local vendors who were supplying the technology were also affected by the malware. However, the names of the vendors were not revealed at the time.

Later, a researcher from KrebsOnSecurity asked Dunker whether the primary vendor he mentioned was Avanti. Dunker confirmed and told KrebsOnSecurity that the vendor he was talking about was actually Avanti Markets and that the machine in the law firm was using an SSL encryption certificate to send out critical information.

An Avanti self-service kiosk

The issue with the network technology

Dunker pointed out that the incident shows how vulnerable a network such as this one can be. He stated that since there are a number of systems involved, fixing or securing the overall network is not easy.

Moreover, he mentioned that such devices are usually managed and controlled by third parties, which makes finding vulnerabilities ever more difficult, let alone fixing them.

Are biometrics that safe?

In this modern day and age, an increasing number of devices have biometric verification systems that scan a person’s face, eyes, or fingerprints to grant access to protected accounts.

In the incident mentioned above, hackers were able to steal biometric data as well, implying that such systems are not that safe.

In fact, a couple of months ago, the biometric verification system used by Samsung, which scans a user’s iris to grant access, was easily broken into with just a high-definition photograph and contact lenses.

The lens was placed on the eye in the photograph of a real person and put in front of Samsung’s camera. Quite surprisingly, the phone unlocked, granting access to the researcher.

Whether such biometric systems are safe is moot. Nevertheless, devices using these systems need to ensure even greater security since unlike credit cards or passwords, such information cannot be changed or renewed instantly.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
