Advertisement
Engadget
Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

Chinese hackers attacked the company behind Samsung Pay

A notorious group of state-sponsored Chinese hackers reportedly broke into the computer systems of LoopPay, the company that created the tech used in Samsung Pay. According to the NYT, the breach by the so-called Codoso Group occurred in March, well before Samsung acquired LoopPay for $250 million. The technology forms the core of Samsung's mobile payment system, which launched in the US on September 28th. However, Samsung says that "Samsung Pay was not impacted and at no point was any personal payment information at risk."

Experts contacted by the NYT aren't sure there's enough evidence yet to back that statement, however. For starters, LoopPay never discovered the breach itself -- the company's info was actually spotted by a third party probing the Codoso hackers for a separate attack. As a result, the group, which is allegedly backed by the Chinese government, was inside LoopPay's corporate system for nearly five months. And Codoso has a reputation for leaving backdoors, allowing them to return for another attack, as Forbes and Microsoft found out earlier this year during a breach.

However, LoopPay said that there's no evidence that the group has stolen any customer data or financial information. Samsung said that the attack was an "isolated incident that targeted the LoopPay corporate network, which is a physically separate network (from Samsung Pay)." Nevertheless, LoopPay launched an investigation just over a month before the payment system was launched in the US -- an insufficient period to thoroughly investigate a hack, according to a recent security study.