N.Y. Times: Samsung subsidiary Loop Pay, part of Samsung Pay, hacked by Chinese group

N.Y. Times: Samsung subsidiary Loop Pay, part of Samsung Pay, hacked by Chinese group
One of the advantages of Samsung Pay is that the mobile payment service works not only with retailers who use NFC wireless POS systems, but it also works with every retailer that swipes a credit card to ring up a transaction. That is due to the magnetic secure transmission used by Loop Pay, which was purchased last February by Samsung. With Loop Pay, Samsung Pay can be used at over 10 million retailers globally.

A report in today's New York Times says that less than a month after being purchased by Samsung, Chinese hackers were able to break into Loop Pay's computer systems. The hackers, known as the Codoso Group or Sunshock Group, were reportedly seeking Loop Pay's magnetic secure transmission technology. According to Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay, the hackers broke into Loop Pay's corporate network, but could not penetrate the system that deals with payments.

The scary part of the story is that Codoso Group's hack into Loop Pay was carried out in March, but wasn't discovered until August. A group investigating the Codoso Group stumbled upon Loop Pay data. Loop Pay and Samsung both say that they are confident that all infected machines were removed, but some security experts say that it is premature to say exactly what the hackers were able to accomplish, since the hack was first discovered in August.


Samsung Pay launched in the U.S. on September 28th, after more than $30 million in transactions was rung up by the service in South Korea.



source: NYTimes

FEATURED VIDEO

40 Comments

36. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

No matter who they hack, hackers are a terrible bunch of people. The problem here liek with Darkkjedi and others is, they all want Samsung to fail at whatever attempt where they compete with Apple. Consider all payment system. The potential for any attack on ANY payment system is a serious threat. They could do something worse than take down pay services like Samsung Pay, Android Pay or Apple Pay; they could potentially bring down the total payment system of a country and ruin business for EVERYONE. When Visa was hacked account information was stolen, when Home Depot was hacked they got valuable information. The story plainly states, Sasmung PAy is on a totally different network and the hack was directed on Loop Pay specificailly to try to steal their MST Technology. Which means, instead of the Chinese trying to come up with their own concept, they weer trying to steal the technology details of how their MST system works so they could make their own. Did you not hear (even though it was an inside job) how the Chinese stole critical documents from the Pentagon of military hardware like plans and schematics for guns, tanks and planes? Its industrial espionage and yet the US now has a very close relationship with China who is simply out to ruin us and take over.

33. RELAXyougeeks

Posts: 24; Member since: Apr 07, 2015

This article is completely misleading. No consumer financial data is stored on samsung servers. Period.

29. flipjzn

Posts: 257; Member since: Jun 22, 2012

Uh-oh! Oh well........

26. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Another sensationalized headline like the previous one about the "T-Mobile partner" being hacked when it turned out to be Experian, the credit company. You can also tell who didn't actually read the article.

15. jeroome86

Posts: 2314; Member since: Apr 12, 2012

Hate in this digital age to have to worry about hackers. When they can be caught wish they would be punished to the max.

20. engineer-1701d unregistered

skin them and dump salt and vinegar on them

12. nctx77

Posts: 2540; Member since: Sep 03, 2013

This is what I hate about these half baked services by Samsung. It's going to affect mobile payments period.

17. willard12 unregistered

This is what I hate about the half baked trolls we're getting nowdays. They call services "half baked" even though Samsung Pay didn't even exist when this happpened and they weren't able to get any users' data. But when other events happen in which fraudulent transactions actually occur, they sit silent. https://vpncreative.net/2015/03/05/apple-pay-compromised-by-authentication-hacks/

28. osbert

Posts: 125; Member since: Jul 02, 2014

He didn't mention anything about any other company, stop reaching.

32. willard12 unregistered

He didn't mention anything about any other company and piled on one when nothing actually happened.....thanks, my point exactly. On the contrary, here were my thoughts when people used Apple Pay for fraudulent transactions. http://www.phonearena.com/news/Apple-Pay-used-in-fraudulent-transactions-involving-stolen-credit-card-data_id66884 "19. willard12 (Posts: 1297; Member since: 04 Jul 2012) It's not the same if the criminal doesn't actually have the cards but only has the data. But I agree IT'S NOT AN APPLE PROBLEM. It's a problem with banks and how they secure data and allow the verification. " You may want to stay in your lane.

43. osbert

Posts: 125; Member since: Jul 02, 2014

Nope. I'll take any lane I please. Particularly this one. Why are you reaching again? I couldn't care less about whether you are denigrating Apple, or you defend them and say it's the banks fault. In fact, personally I agree that the flaw lies in the banks and neither with Sammy or Apple. But my post stands, he might have incorrectly stated it is Samsung's fault, but he didn't mention anything about "other events". Create a new comment thread if you want to compare other events, or stay in the OP's lane yourself.

7. 99nights

Posts: 1152; Member since: Mar 10, 2015

This is why I won't use any mobile pay system or any kind off pay pass system and I've said this would happen since the beginning of NFC style mobile payments.

9. cncrim

Posts: 1590; Member since: Aug 15, 2011

Lol than you dont know what are you talking about, pay with nfc it is safest compare to give your credit/debit card to someone you dont know. NFC Is it token transaction(mean the number is only good for one time use) credit/debit is one number can be use over and over. I guess in your case best one will be cash then until buy something is not same as advertise.

13. 99nights

Posts: 1152; Member since: Mar 10, 2015

That's why i said since the beginning of nfc style payments (which what they are)... dude read it properly instead of making yourself out to be a fool who can't read.

19. RoboticEngi

Posts: 1251; Member since: Dec 03, 2014

So you also don't use banks? I clearly remember several big US banks being hacked for more than 6 months.......or is that OK, when it wasn't samsung?

27. osbert

Posts: 125; Member since: Jul 02, 2014

[libelous citation needed]

40. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Samsung wasn't hacked here either. Starbucks app was hacked which allowed hackers to take money from peoples bank accounts...NO MATTER THE BANK. BofA, Citi and US Bank have all been hacked more than once.

39. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

What happened? They didnt hack the payment service. So what exactly happened? Do you even know? NO BECAUSE YOU ARE AN ILLITERATE BLIND HALF READING UNEDUCATED MORON. "Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay." Learn to read and comprehend. The LoopPay internal office network is what was hacked. Not the LoopPay payment system that Samsung purchased.

6. j2001m

Posts: 3061; Member since: Apr 28, 2014

What a loads of crap, it's like me saying Apple Pay got hacked because hackers got into Apple network just before Apple came out last year, as this did happen, what a load of crap The payment side of thing will be way more score than an office network The best part is Samsung moved to tokens anyways over the none token system loop pay was using and why it's not working with all banks in the USA, as this as to be linked to the banks, so the hackers will have got nothing from there hack at the time even if they got in the payment side, hahhahahahahhahahahhahahahh what a joke report

11. cncrim

Posts: 1590; Member since: Aug 15, 2011

Samsung pay is token base....... so it is best and safest away to shop anywhere, i trust it better more than debit with pin

5. tedkord

Posts: 17532; Member since: Jun 17, 2009

These headlines. The corporate systems were hacked, not Samsung Pay. I've had constant free credit monitoring for years now because of data breaches. My Home Depot monitoring just expired, but the monitoring for a breach at a charity that I donated an old car to started last month. It's getting ridiculous, all these scumbags stealing.

34. 8ozchickenbreast unregistered

Why do you shop at Home Depot? Their stuff is absolute low quality crap that fails often. Cheap wood, cheap tools, screws break, nails snap, etc. Dont you have a Rings End or some other bang for your buck place around?

38. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Millions of contractors here use Home Depot. They sell the same stuff sold at Lowe's and may other hardware store like Ace. No one is complaining about quality. You don't have to buy Home Depot branded products, you can buy other brand name products from them. You know this...right?

41. 8ozchickenbreast unregistered

No one is complaining about quality? Lol you are silly. Ive been working around contractors and carpenters my whole life. Home Depot is sh*t quality.

2. joevsyou

Posts: 1093; Member since: Feb 28, 2015

was before wide release, two they couldn't hack into the payment data, companies get targeted by hackers all the time so nothing really shocking there, It's a constant battle and like it or not it's going to happen but This just shows the security net for the payment data is much higher.

22. DoggyDangerous

Posts: 1028; Member since: Aug 28, 2015

dude, why we dont use just cash? I think crime rate is very high in america. ppl afraid to carry cash

37. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Becaus eif I want to go buy a car and make a $10,000 downpayment, I would be foolish to carry cash. Because if your cash is stolen its lost. Cash on a card is protected by the bank. If you card is stolen or lost and then found and used and you reported it lost or stolen, you wont be held responsible for those charges and you get reimbursed almost immediately. Its not about crime per se. If you have a wallet full of cash and you drop it, you are SOL. Cards are safer, practical, will keep you from getting killed and the risk is far less. Has nothing to do with just crime. Even though armed robberies do happen here, they are not prevalent. Most people who get killed here, were not being robbed. Now if you carry an iPhone you might get killed as people will snatch them out your hand. That si why Apple added activation locks, something Samsung and Google had already. So if some steals your phone, it is locked to your email account and remote wipe capabilities were also introduced.

1. darkkjedii

Posts: 31809; Member since: Feb 05, 2011

Not good!

3. TheMan

Posts: 494; Member since: Sep 21, 2012

Nope. that didn't take long...

14. BobbyBuster

Posts: 854; Member since: Jan 13, 2015

Typical for Sammy. Now Samsung Pay will be renamed to Samsung Pray or Samsung Prey.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless