Oracle’s Point-of-service Division MICROS Suffers Massive Data Breach Possibly by Russian Hackers
This year seems to be the year of data breaches because the trend of hacking full-fledged databases of even the most secure companies is rising at a steady pace. It is a fact that there is no such industry left that hasn’t been affected by this recent surge in data breaches. We have seen more than a billion user IDs being leaked online and this news is about another well-known firm being targeted by these threat specialists, Oracle.
Yes, this is indeed true! Oracle’s MICROS division has been hit by attackers. It must be noted that MICROS is the world’s third most popular point-of-sale service, which was acquired by Oracle in 2014. So, reports suggest that the POS division of Oracle has suffered a massive data breach since countless computers of the company were hacked. The hackers utilized the customers’ support portals to penetrate the systems and gained access to the company’s sales registers across the globe.
An employee at Oracle identified the breach after observing malicious code on the support portal of MICROS. It was later learned that malware was installed on the troubleshooting portal. This feat allowed hackers to gain access to users’ credentials as soon as they logged in and then they used the information to access the user accounts and control the POS terminals of MICROS remotely.
Oracle quickly informed its users and businesses to modify their login credentials on MICROS online support portals. The company’s official statement read:
“Oracle Security has detected and addressed malicious code in certain legacy MICROS systems. Oracle’s Corporate network and other cloud and service offerings were not impacted by this code. Payment card data is encrypted both at rest and in transit in the MICROS hosted environment… Consistent with standard security remediation protocols, Oracle [requires] MICROS customers to change the passwords for all MICROS accounts.”
Although the whereabouts of malicious actors who planned the attack haven’t been confirmed by Oracle but speculations from Krebs on security are that a Russia-based gang Car bank Gang is responsible for this security breach. In the past, the same gang has been accused of stealing a whopping amount of $1 billion from various retail outlets and banks through similar hack attacks.
We are yet unaware of the actual scope of this data breach but we can confirm that around 700 computer systems were affected by the attack. However, the company maintains that the payment data of all of its customers is encrypted at both ends, that is, at rest and in transit and hence, hackers cannot make use of it at all.