Hackers infected hundreds of computers within Oracle, infiltrated the support portal for its MICROS payment terminals division, and potentially accessed sales registers all over the world.
The miscreants installed malware on the troubleshooting portal to capture customers' usernames and passwords as they logged in. These credentials can be used to access the customers' accounts and remotely administer their MICROS point-of-sale (POS) terminals.
The ranks of MICROS customers are said to include a number of major retail chains as well as hotels, with systems installed in more than 330,000 sites in 180 countries. Whoever broke into the database giant's systems potentially had control over all those payment terminals, and clearly hit the jackpot.
In a memo sent this month to MICROS customers, businesses were told to reset their current and former MICROS account passwords – particularly any passwords used by MICROS staff to remotely control any on-site payment terminals.
"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems," reads the letter from Big Red.
According to the warning note, while its MICROS division was ransacked by hackers, Oracle's corporate network and cloud systems were not compromised, and people's payment card details are encrypted in transit and at rest – meaning, hopefully, whoever hacked the corporation didn't get at people's credit and debit card numbers.
Investigative journo Brian Krebs suspects the infiltration affected as many as 700 computers within Oracle and is the work of a Russian malware gang targeting POS systems.
Oracle acquired MICROS, which makes and supports retail and hotel sales terminals, in 2014 in a $5bn acquisition deal. Oracle is still probing the security breach at its payment terminal division.
POS terminals – or, as most of us just call them, "cash registers" – have emerged as the favorite target for many cybercriminal gangs looking for a cheap and easy way to capture huge quantities of payment cards.
By breaching a retailer's internal network and infecting the individual terminals with malware, criminals can collect millions of valid card numbers in a relatively short amount of time. The most notable example of this was the 2013 breach of Target, which resulted in some 40 million customer payment cards being compromised and ended up costing the retailer hundreds of millions of dollars.