- Hackers appear to have breached "hundreds" of Oracle computer systems, including its MICROS point-of-sale credit card payment system, according to a KrebsOnSecurity report.
- MICROS point-of-sale systems are used at more than 330,000 cash registers worldwide.
- Investigators say the intrusion at Oracle may have impacted more than 700 systems.
The Carbanak Gang, a Russian cybercrime group that specializes in hacking into banks and retailers, is suspected in the attack. Though Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems" and has asked MICROS customers to reset their passwords, the company declined to answer direct questions about the breach.
Meanwhile, sources told KrebsonSecurity that the intruders put "malicious code" on the MICROS support portal, which allowed the attackers access to steal both MICROS usernames and passwords once customers logged on to the support site.
Point of sale attacks have led to thefts of customer data at retailers like Target and Home Depot and at several large hotel chains over the last few years. Omni Hotels & Resorts, Starwood Hotels & Resorts Worldwide, Hilton Worldwide Holdings, Hyatt Hotels and Trump Hotel Collection all experienced data breaches aimed at consumers' debit and credit card information in the last year.
"This (incident) could explain a lot about the source of some of these retail and merchant point-of-sale hacks that nobody has been able to definitively tie to any one point-of-sale services provider," Avivah Litan, a fraud analyst at Gartner told KrebsonSecurity.