DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Chinese Hackers Breached LoopPay

Posted on October 7, 2015 by Dissent

Nicole Perlroth and Mike Isaac report:

Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.

As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.

Read more on New York Times.

In response to the NY Times’ article, Samsung responded with a statement:

Today, the New York Times reported on an incident that targeted LoopPay’s office network.

The article raised questions as to the effect of this on the recently launched Samsung Pay service. The first thing to know is that Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay office network, which is a physically separate network from Samsung Pay. The LoopPay incident was resolved and had nothing to do with Samsung Pay.

It’s worth reiterating that the reported incident was related to LoopPay’s office network which handles email, file servers and printing within the company. This network is physically separate from the production network that handles payment transactions and run by Samsung.

The incident involved three servers on LoopPay’s internal office network.

As soon as the incident was discovered, LoopPay followed their standard incident response procedures and acted immediately and comprehensively. LoopPay brought in two independent professional security teams. LoopPay immediately identified and quarantined the targeted devices, conducted a thorough and extensive sweep of LoopPay’s entire system, and put additional safeguards in place.

Again, Samsung, Samsung Pay, and Samsung users were not affected.

We’re confident that Samsung Pay is safe and secure. Each transaction uses a digital token to replace a card number. The encrypted token combined with certificate information can only be used once to make a payment. Merchants and retailers can’t see or store the actual card data.

[…]

But what were the hacker’s intentions? Stephen Lawson of IDG suggests that it might not be identity theft:

However, if the breach was carried out by the notorious Codoso Group in China, as The New York Times reported, it probably wasn’t intended to steal consumer data for sale, said Ken Westin, a senior security analyst at threat-detection software company TripWire.

The Codoso Group has been linked to large-scale attacks on major defense, finance and other organizations, including websites related to the Uyghur minority in China. It allegedly is affiliated with the government of China.

The hackers probably wanted access to LoopPay’s code, possibly to develop the capability to collect information on individuals, Westin said.

Alex Holden, CEO of the consultancy Hold Security, agreed. Codoso may have ultimately wanted to know “who bought what, when,” he said. For example, if an important individual made a purchase at a coffee shop in Los Angeles, an infiltrator could learn something about that person’s travels.

And while LoopPay may have worked out the details of this particular breach, it’s probably facing what security researchers call an advanced persistent threat, he said. That kind of attacker keeps coming back and probing different parts of a company’s infrastructure looking for weaknesses and laying the groundwork for future infiltrations. Samsung should be worried, Westin said.

Read more on Computerworld.

No related posts.

Category: Business SectorHack

Post navigation

← FL: Pensacola man arrested for stealing personal information from job seekers
Matthew Keys Convicted of Helping Anonymous Hack The Tribune Company →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.