[BreachExchange] Oracle investigating data breach at Micros point-of-sale division

[Audrey McNeil]

http://www.zdnet.com/article/oracle-said-to-be-investigating-data-breach-at-
point-of-sale-division/

Oracle has confirmed that it's investigating a breach of its Micros
division.

Security journalist Brian Krebs, who first covered the story, said that
hackers had compromised hundreds of systems at the software giant's
point-of-sale division, and broken into a support portal used by customers
of the devices.

Oracle confirmed the breach in an email to ZDNet, saying it had "detected
and addressed malicious code in certain legacy Micros systems," but added
that Oracle's own systems, corporate network, and other cloud and service
offers were not impacted.

Users will have to change their account passwords immediately, the company
said in the letter, which will go out to Micros customers in the coming
days.

Krebs said that Oracle may be concerned that the hacker group responsible
for the breach installed malware on the support portal in an effort to
scrape usernames and passwords as they were entered. Those account
credentials may be used to remotely administer and access point-of-sale
devices located in customers' retail outlets.

The company said that payment data isn't at risk, as that information is
encrypted both at rest and in transit.

Micros devices are currently deployed at over 330,000 sites across 180
countries.

Point-of-sale devices are increasingly a target for hackers. In recent
months, dozens of machines at Starwood and Hilton hotels were impacted by
malware, with the aim of poaching payment and card data, which can be used
or sold on to the highest bidder.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160808/b2fd7d84/attachment.html>