Oracle Systems Hacked Via MICROS Online Support Portal

Oracle Corp. has fallen victim to a computer hack that spans hundred of systems and was allegedly conducted by a Russian organized cybercrime group. According to Krebs on Security, hackers compromised a customer support portal for companies that use Oracle’s MICROS point-of-sale credit card payment system, which is used at more than 330,000 cash registers at hotels, restaurants and retail shops worldwide. 

Author Brian Krebs went on to note that when asked about the data breach at Oracle, the company said it “detected and addressed malicious code in certain legacy MICROS systems” and that it is requesting all of its MICROS customers to reset their password for the online support portal.

It is not clear how big the breach is and how many customers it may have impacted. It’s also not clear how the bad guys first got into Oracle’s systems. The report, citing sources close to the investigation, said Oracle first thought the breach was limited to a small amount of computers and servers at the retail unit of Oracle, but the software company realized it impacted many more right after it pushed new security tools to systems in the network that was affected. The hack reached more than 700 systems.

Krebs on Security started looking into the breach on July 25 after an Oracle MICROS customer and reader alerted them to the hack. Two security experts who were briefed on the breach and the subsequent investigation said Oracle’s MICROS customer support portal was communicating with a server that is widely known to be used by the Carbanak Gang, which is part of a Russian cybercrime syndicate that is accused of stealing more than $1 billion in computer hacks on banks, retailers and hospitality companies.