Big Red alert: Oracle's MICROS payment terminal biz hacked

Shops, hotels worldwide warned after support portal pwned

By Shaun Nichols in San Francisco

Hackers infected hundreds of computers within Oracle, infiltrated the support portal for its MICROS payment terminals division, and potentially accessed sales registers all over the world.

The miscreants installed malware on the troubleshooting portal to capture customers' usernames and passwords as they logged in. These credentials can be used to access the customers' accounts and remotely administer their MICROS point-of-sale (POS) terminals.

The ranks of MICROS customers are said to include a number of major retail chains as well as hotels, with systems installed in more than 330,000 sites in 180 countries. Whoever broke into the database giant's systems potentially had control over all those payment terminals, and clearly hit the jackpot.

In a memo sent this month to MICROS customers, businesses were told to reset their current and former MICROS account passwords – particularly any passwords used by MICROS staff to remotely control any on-site payment terminals.

"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems," reads the letter from Big Red.

According to the warning note, while its MICROS division was ransacked by hackers, Oracle's corporate network and cloud systems were not compromised, and people's payment card details are encrypted in transit and at rest – meaning, hopefully, whoever hacked the corporation didn't get at people's credit and debit card numbers.

Investigative journo Brian Krebs suspects the infiltration affected as many as 700 computers within Oracle and is the work of a Russian malware gang targeting POS systems.

Oracle acquired MICROS, which makes and supports retail and hotel sales terminals, in 2014 in a $5bn acquisition deal. Oracle is still probing the security breach at its payment terminal division.

POS terminals – or, as most of us just call them, "cash registers" – have emerged as the favorite target for many cybercriminal gangs looking for a cheap and easy way to capture huge quantities of payment cards.

By breaching a retailer's internal network and infecting the individual terminals with malware, criminals can collect millions of valid card numbers in a relatively short amount of time. The most notable example of this was the 2013 breach of Target, which exposed some 40 million customer payment cards and ended up costing the retailer hundreds of millions of dollars. ®
