UPDATED 00:27 EDT / AUGUST 09 2016

NEWS

Hackers compromise Oracle’s MICROS point-of-sale division, steal passwords

A Russian, organized cyber crime group has breached hundreds of computer systems at Oracle Corp., according to an influential security blog.

KrebsOnSecurity claims that the hackers have compromised the customer support portal for companies using Oracle’s MICROS unit, a division that manufactures and sells computer hardware, software, and services for the restaurant point of sale, hotel, hospitality, specialty retail markets and other similar markets.

Said to be among the top three point of sales providers in the world, MICROS systems are used at more than 330,000 cash registers worldwide including some 200,000 food and beverage outlets, 100,000 retail sites, and more than 30,000 hotels.

The full extent of the hack is unknown, however what is known is that the hackers planted malware in MICROS systems that delivered them access to usernames and passwords of customers who logged into the support site.

Oracle, while not confirming how bad the breach was, did say that it had “detected and addressed malicious code in certain legacy MICROS systems;” in addition the company was asking all MICROS customers to reset their passwords for the MICROS support portal.

Russian links

While on the surface that hack doesn’t seem over the top, links to Russian cyber criminals suggest that it may be deeper than simply hijacking usernames and passwords on a support forum.

According to sources quoted by Krebs, the MICROS customer support portal was communicating with a server run by the Carbanak Gang, a group that is part of a Russian cyber crime syndicate suspected of stealing over $1 billion from various groups over the last few years; the same person claims that once an initial system was compromised, the open door led to other systems being accessed.

Oracle said in a letter to MICROS users that its “corporate network and Oracle’s other cloud and service offerings were not impacted by this code,” and that its “payment card data is encrypted both at rest and in transit in the MICROS hosted environment” meaning that at no stage were customer credit and debit card details revealed.

Image credit: Pixabay/Public Domain CC0

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.