Oracle data breach opened credit card payment systems to attack

Intruders might have had a gateway to stealing your payment details.

Sponsored Links

Justin Sullivan/Getty Images
Justin Sullivan/Getty Images

Data thieves don't always have to go straight to the source to swipe payment details... sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It's not certain just how many systems were breached (Krebs' sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn't have had direct access to payment data, but there's a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.

Oracle is quick to stress that it has "addressed" the rogue code, and that its other services weren't affected. The payment details themselves are encrypted both in the database and when in use, too, so attackers couldn't easily make use of it. However, there are hints that a well-known Russian criminal group, the Carbanak Gang, may have been involved -- the hackers likely knew what they could get. And when Micros' users include heavyweights like Adidas, Burger King and Hilton, there's a worry that the culprits got the keys to someone's kingdom.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget