This problem reinforces the conclusion made in a recent Verizon cybersecurity report: that retailers get hacked because they're lazy. Retail computer networks get exposed to computer viruses all the time. A nasty piece of keystroke-logging spy software ended up on the computer a store uses to process credit card transactions.
It turns out employees had rigged it to play a pirated version of Guitar Hero, and accidentally downloaded the malware.
The passcode, set by default on credit card machines since 1990, is easily found with a quick Google search and has been exposed for so long there's no sense in trying to hide it.
It's either 166816 or Z66816, depending on the machine. No wonder big retailers keep losing your credit card data to hackers. This latest discovery comes from researchers at Trustwave, a cybersecurity firm.
"We're making it pretty easy for criminals." Trustwave examined the credit card terminals at more than 120 retailers nationwide.
That includes major clothing and electronics stores, as well as local retail chains. The vast majority of machines were made by A spokesman for Verifone said that a password alone isn't enough to infect machines with malware.
"It shows you the level of access that a lot of people have to the point-of-sale environment," he said.
Device makers sell machines to special distributors. But no one thinks it's their job to update the master code, Henderson told CNNMoney.
Administrative access can be used to infect machines with malware that steals credit card data, explained Trustwave executive Charles Henderson. He detailed his findings at last week's RSA cybersecurity conference in San Francisco at a presentation called "That Point of Sale is a PoS." The problem stems from a game of hot potato.