Oracle data breach opened credit card payment systems to attack

By Jon Fingas for Engagenet

Data thieves don’t always have to go straight to the source to swipe payment details… sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It’s not certain just how many systems were breached (Krebs’ sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn’t have had direct access to payment data, but there’s a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.

 

Oracle is quick to stress that it has “addressed” the rogue code, and that its other services weren’t affected. The payment details themselves are encrypted both in the database and when in use, too, so attackers couldn’t easily make use of it. However, there are hints that a well-known Russian criminal group, the Carbanak Gang, may have been involved — the hackers likely knew what they could get. And when Micros’ users include heavyweights like Adidas, Burger King and Hilton, there’s a worry that the culprits got the keys to someone’s kingdom.

First appeared at Engagenet