It’s likely CentOS 7.9, which was released in Nov. 2020 and shipped with kernel version 3.10.0-1160. It’s not completely ridiculous for a one year old POS systems to have a four year old OS. Design for those systems probably started a few years ago, when CentOS 7.9 was relatively recent. For an embedded system the bias would have been toward an established and mature OS, and CentOS 8.x was likely considered “too new” at the time they were speccing these systems. Remotely upgrading between major releases would not be advisable in an embedded system. The RHEL/CentOS in-place upgrade story is… not great. There was zero support for in-place upgrade until RHEL/CentOS 7, and it’s still considered “at your own risk” (source).

The money came from products they sold online as well as their OnlyFans sites

Why do these guys have OnlyFans revenue? I doubt they’re selling pics of themselves. Why would the models featured in those sites not cut out the Tate brothers and just deal with OnlyFans directly? The models provide the content, OnlyFans provides the platform… so what value do the Tate brothers provide? I have to imagine the answer to the first question is “threats” and the answer to the second is “nothing.” These guys are just digital pimps.

Key resellers are really, truly awful. In many cases the keys are purchased from legitimate sites using stolen credit card numbers. The key resellers plead ignorance as to where the keys come from, but it’s an open secret at this point. If you don’t want to pay the Steam/Gog price, piracy is less awful because you won’t be fueling a criminal enterprise and there’s no chance your Steam/Gog account will get a stolen key revoked.

Credit card fraud and software keys actually ends up being paid for by the rest of us. Fraudulent transactions and chargebacks lead to higher merchant fees, and those costs end up getting passed on to legitimate purchasers.