Big Red alert: Oracle's MICROS payment terminal biz hacked

Shops, hotels worldwide warned after support portal pwned

By Shaun Nichols in San Francisco


Hackers infected hundreds of computers within Oracle, infiltrated the support portal for its MICROS payment terminals division, and potentially accessed sales registers all over the world.

The miscreants installed malware on the troubleshooting portal to capture customers' usernames and passwords as they logged in. These credentials can be used to access customers' accounts and remotely administer their MICROS point-of-sale (POS) terminals.

The ranks of MICROS customers are said to include a number of major retail chains as well as hotels, with systems installed in more than 330,000 sites in 180 countries. Whoever broke into the database giant's systems potentially had control over all those payment terminals, and clearly hit the jackpot.

In a memo sent this month to MICROS customers, businesses were told to reset their current and former MICROS account passwords – particularly any passwords used by MICROS staff to remotely control any on-site payment terminals.

"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems," reads the letter from Big Red.

According to the warning note, while its MICROS division was ransacked by hackers, Oracle's corporate network and cloud systems were not compromised, and people's payment card details are encrypted both in transit and at rest – meaning, hopefully, whoever hacked the corporation didn't get at people's credit and debit card numbers.

Investigative journo Brian Krebs suspects the infiltration affected as many as 700 computers within Oracle and is the work of a Russian malware gang targeting POS systems.

Oracle acquired MICROS, which makes and supports retail and hotel sales terminals, in 2014 in a $5bn acquisition deal. Oracle is still probing the security breach at its payment terminal division.

POS terminals – or, as most of us just call them, "cash registers" – have emerged as the favorite target for many cybercriminal gangs looking for a cheap and easy way to capture huge quantities of payment cards.

By breaching a retailer's internal network and infecting the individual terminals with malware, criminals can collect millions of valid card numbers in a relatively short amount of time. The most notable example of this was the 2013 breach of Target, which resulted in some 40 million customer payment cards being compromised and ended up costing the retailer hundreds of millions of dollars. ®
