Russian Mafia Suspected in Oracle Point-of-Sale Breach
The support portal for Oracle’s MICROS point-of-sale (POS) credit card system, which is used at more than 330,000 cash registers in 180 countries, has been breached.
The company has confirmed it has “detected and addressed malicious code in certain legacy MICROS systems,” and is asking MICROS customers to reset their online support portal passwords.
A source close to the investigation told KrebsOnSecurity that the company initially thought the breach was limited to a small number of computers and servers; it now believes more than 700 systems may have been impacted.
The hackers initially breached a single system inside the Oracle network and then spread from there. The “ticketing portal,” which allows MICROS users to remotely troubleshoot POS system problems, was one of these breached systems. The hackers placed malware on this portal, which allowed them to steal usernames and passwords when customers logged in for support. While credit card information is not currently at risk, the hackers could use this stolen login information to hack credit card systems and then grab payment information.
Oracle wants to assure customers that “payment card data is encrypted both at rest and in transit in the MICROS hosted customer environments,” and the breach did not affect its other corporate networks, cloud services or systems.
Security experts working on the case said they saw the customer support portal communicating with a server known to be used by the Carbanak gang, which is a part of the Russian mafia. The gang is suspected of stealing more than $1 billion from banks and retailers over the past few years.