First, it was Oracle Corp. and its MICROS customers that were getting hacked, and now, it appears more cash register vendors are falling victim to hacks that were allegedly conducted by the same Russian organized cybercrime group.
That’s according to Forbes, which said it was informed by five cash register providers of the breach. According to the report, in the last month, Cin7, ECRS, Navy Zebra, PAR Technology and Uniwell were all hacked. Forbes said the hackers found weaknesses in the point-of-sale system vendors’ servers and then went to work exploiting them. The hackers tried to steal passwords of retail customers and tried to gain access to retailers’ point-of-sale computers to access customers’ data, such as credit card information. It’s not clear if any sensitive data was stolen from the vendors.
The latest attack by the Russian organized crime group was on Oracle’s MICROS customers, first spotted by Krebs on Security. Krebs said earlier this week that hackers compromised a customer support portal for companies that use Oracle’s MICROS point-of-sale credit card payment system, which is used at more than 330,000 cash registers at hotels, restaurants and retail shops worldwide.
Krebs went on to note that, when asked about the data breach at Oracle, the company said it “detected and addressed malicious code in certain legacy MICROS systems,” and it is requesting all of its MICROS customers to reset their password for the online support portal. It is not clear how big the breach is and how many customers it may have impacted. It’s also not clear how the bad guys first got into Oracle’s systems. The report, citing sources close to the investigation, said Oracle first thought the breach was limited to a small amount of computers and servers at the retail unit of Oracle, but the software company realized it impacted many more right after it pushed new security tools to systems in the network that was affected. The hack reached more than 700 systems.