If you work in a big-fish corporation, you might be familiar with the self-service payment kiosks that are a godsend for antisocial yet hungry employees. Avanti Markets is a company that offers these self-service kiosks – literally shelves filled with the snacks and drinks of your hungriest dreams.
Much to the chagrin of hungry workers everywhere, Avanti was recently hacked. The breach consisted of vulnerabilities in the company’s internal networks, where hackers were able to execute malicious software to the self-service payment kiosks.
Avanti, who acknowledged and confirmed the breach, also explained that the credit card accounts – and biometric data – of their customers may have been exposed.
“On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks.
Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.”
For those that are unfamiliar, Avanti’s self-service kiosks allow workers to pay for their snacks and drinks with credit cards, cash, or fingerprint scans.
Although biometric data might be jeopardized, it seems the hacker’s main goal was to gain access to card related payment information – including the cardholder’s first and last name, the card number, and the expiration date.
Due to the discovery of the malware’s intention, Avanti has temporarily disabled their kiosks credit card payment option. After further investigation into the matter, it was found that the kiosks were infected with a family of point-of-sale malware – otherwise known as PoSeidon (or FindPOS).
There is no doubt in the convenience of self-serving kiosks or similar things. The doubt lies in the vulnerabilities that come with such advancement of technology. If we don’t want to give up these types of things, manufacturers have got to start finding new ways of implementing security features.