It’s not yet known how large the data breach is, but a source tells Krebs On Security it may affect up to 700 systems. A hacker collective known as the Carbanak Gang (which Krebs refers to as “a Russian organized cybercrime group” because it has been accused of stealing over $1 billion from banks and retailers over the past few years) is believed to be responsible.
Oracle acknowledges the hack, saying it “detected and addressed malicious code in certain legacy MICROS systems” and has asked customers to change passwords associated with MICROS point-of-sale accounts.
Researchers think the breach began with a single system inside Oracle’s network, and was spread through a “ticketing portal” (think Jira) MICROS uses to help customers.
From there, hackers were able to steal usernames and passwords from MICROS users when they logged into the Web portal to check on tickets or manage their accounts.
It’s not known how — or if — this affects you. The likely scenario is that hackers gained access to MICROS specifically to put malware onto point-of-sale machines to steal your credit card info, but Oracle is still investigating the breach and isn’t publicly saying how deep this goes.
But if retailers start announcing they’ve been compromised, this may be why.