LoopPay, the technology acquired by Samsung in its bid to differentiate itself from Apple Pay, was reportedly breached months ago by a Chinese hacking group looking to replicate its technology, Samsung has confirmed.
The LoopPay network is physically separate from Samsung Pay, according to Samsung, and neither the phone-based payment service nor any customer records of the service were impacted by the breach.
Multiple reports suggest the breach, believed to have been conducted by a China-based hacking group known as Codoso Group or Sunshock Group, was cyber espionage aimed at collecting information on the company’s technology and intellectual property rather than a cyber theft aimed at stealing data and consumer information for accessing payment accounts.
Cyber espionage has been a hallmark of the Codoso hacking group. In February, it was reported that the group had breached Forbes and other targets last December, again with the objective of capturing intellectual property.
“These guys don’t typically just put drive-bys anywhere. They don’t want anybody’s information,” John Hultquist, senior manager of cyber espionage threat intelligence for iSight, told the site Dark Reading back in January in relation to the breaches on Forbes and others. “What they want is information associated with the requirements that they have. Usually those requirements are gathering intelligence on intellectual property, gathering strategic intelligence, gathering information on, say, dissidents or security issues that they are working.”
LoopPay has been considered the differentiator between Samsung Pay and Apple Pay because LoopPay’s magnetic secure technology (MST) allows Samsung phone users to make payments at the magnetic stripe terminals still prevalent in the U.S. as well as at new EMV chip card terminals that support Apple Pay. It was the MST technology that the hackers were after, the New York Times reported.
Still, the news of the breach comes at an inopportune time for Samsung Pay, which just launched its service in the U.S. late last month in its bid to challenge Apple Pay.
Apple Pay, which launched a year ago, has also faced security challenges, even though it touted tokenization and Touch ID as features that made the service extremely secure. Apple Pay issuers have seen account takeover fraud stemming from holes in the provisioning process, according to several reports, including a Drop Labs blog at the time.