Oracle’s MICROS systems handle credit card payments at some 330,000 cash registers worldwide. And they’ve fallen victim to a major breach, possibly spearheaded by a group of Russian cybercriminals. That could put a whole lot of personal information at risk.
Late last month, security researcher Brian Krebs received a tip that Oracle MICROS systems may have been compromised. On investigating further, he confirmed that the MICROS customer support portal had been accessed by a server associated with the Carbanak Gang, a Russian syndicate that Krebs says “is suspected of stealing more than $1 billion from banks, retailers and hospitality firms over the past several years.”
It appears that the intruders loaded the MICROS portal with malware, which then went on to log the usernames and passwords of customers when they logged on.
Oracle confirmed the intrusion in a letter to MICROS customers, which it also sent to WIRED in lieu of a statement.
“Oracle Security has detected and addressed malicious code in certain legacy MICROS systems,” the letter reads. “Oracle’s Corporate network and Oracle’s other cloud and server offerings were not impacted by this code.”
At this point the extent of the damage isn’t entirely clear. Certainly any business that uses the MICROS support portal should consider its credentials compromised. Oracle is requiring all MICROS customers to change their account passwords.
The real question, as Krebs notes, is whether the hackers were able to use those pilfered credentials to upload malware that stole credit card information, a much more serious breach for consumers. Oracle says that payment data is encrypted “both at rest and in transit in the MICROS hosted environment,” but that could imply that the devices that actually interact with your credit cards in stores could still have been compromised.
“It is not unreasonable to assume that many point-of-sale systems have …