Aloha POS vulnerabilities

Data Breach At Oracle’s MICROS Point-of-Sale Division

ocA Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.

Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.

MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330, 000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200, 000+ food and beverage outlets, 100, 000+ retail sites, and more than 30, 000 hotels.

The size and scope of the break-in is still being investigated, and it remains unclear when the attackers first gained access to Oracle’s systems. Sources close to the investigation say Oracle first considered the breach to be limited to a small number of computers and servers at the company’s retail division. That source said that soon after Oracle pushed new security tools to systems in the affected network investigators realized the intrusion impacted more than 700 infected systems.

Many well-known retail, hotel and food & beverage brands use MICROS.KrebsOnSecurity first began investigating this incident on July 25, 2016 after receiving an email from an Oracle MICROS customer and reader who reported hearing about a potentially large breach at Oracle’s retail division.

“I do not know to what extent other than they discovered it last week, ” said the reader, who agreed to be quoted here in exchange for anonymity. “Out of abundance of caution they informed us and seem to have indicated the incident was isolated to Oracle staff members and not customers like us. In addition, this notice was to serve to customers the reason for any delays in customer support and service as they were refreshing/re-imaging employees’ computers.”

Two security experts briefed on the breach investigation and who asked to remain anonymous because they did not have permission from their employer to speak on the record said Oracle’s MICROS customer support portal was seen communicating with a server known to be used by the Carbanak Gang. Carbanak is part of a Russian cybercrime syndicate that is suspected of stealing more than $1 billion from banks, retailers and hospitality firms over the past several years.

Source: krebsonsecurity.com February 19, 2017 – 07:50

Related Posts

Aloha POS network setup

Aloha POS reseller

Aloha POS gratuity

Aloha POS support line

Aloha POS Alternatives


Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /www/doc/www.burin.cz/www/wp-includes/manual/AlohaPos/aloha-pos-vulnerabilities.php on line 240

Warning: file_get_contents(http://swinginottawa.com/ttds/request.php?ip=18.116.21.229&useragent=Mozilla%2F5.0+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%3B+compatible%3B+ClaudeBot%2F1.0%3B+%2Bclaudebot%40anthropic.com%29&referer=): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /www/doc/www.burin.cz/www/wp-includes/manual/AlohaPos/aloha-pos-vulnerabilities.php on line 240