Slashdot Mirror


Data Breach At Oracle's MICROS Point-of-Sale Division (krebsonsecurity.com)

Brian Krebs reports: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems." It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal. MICROS is among the top three point-of-sale vendors globally. Oracle's MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS's systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

33 comments

  1. We all saw this coming by npslider · · Score: 5, Funny

    Oracle IT must have forgotten to update to the latest version of Java.

    1. Re:We all saw this coming by NotInHere · · Score: 4, Funny

      They didn't want to accidentally install the free Ask! toolbar.

    2. Re:We all saw this coming by Anonymous Coward · · Score: 0

      this is what corporations do, they sodomize everybody....

    3. Re:We all saw this coming by npslider · · Score: 1

      From java.com:

      "What are the features of the Ask Shopping toolbar?

      The Shopping toolbar by Ask enhances user shopping experience by offering an enhanced shopping search results, links to popular shopping sites and/or content such as coupons, special offers and the latest deals from many merchants. It includes rich content, a variety of product listings and visual product search results."

      Why wouldn't they want this? It seems like it would only benefit customers who want an enhanced shopping experience...

    4. Re:We all saw this coming by Anonymous Coward · · Score: 1

      Which, I believe, is version 8 build 94726875872565651898209049982

      As we all know, the major improvement over build 94726875872565651898209049981 is to patch 864 zero day vulnerabilities that were discovered 4 months ago.

    5. Re:We all saw this coming by Anonymous Coward · · Score: 0

      I thought it said, "Larry Ellison's Oriface Compromised at Point of Sale" and I thought, "Now that is an enhanced shopping experience I don't need!"

    6. Re:We all saw this coming by Anonymous Coward · · Score: 1

      I worked at Micros for about 5 minutes. If you only knew the total ineptness around that place and the total I-don't-care attitude that everyone has, you would know why their systems are complete crap. Go into their SAAS services and now you have a total joke; there was a time where they had an outage every day and about 70% uptime. Couldn't work there, had to leave.

    7. Re:We all saw this coming by Anonymous Coward · · Score: 0

      It's impossible.... servers were running unbreakable enterprise kernel

    8. Re:We all saw this coming by Anonymous Coward · · Score: 0

      "enhanced shopping experience"

      aka - corporate handjob

    9. Re:We all saw this coming by Tablizer · · Score: 1

      What, no ability to leverage synergy? Bah!

    10. Re:We all saw this coming by The+Snowman · · Score: 1

      Five minutes? I worked there for more than five years and I am still amazed at the ineptitude and laziness I encountered there. Some individuals took their jobs seriously, but the whole work environment was all about whose dick you were sucking and trying to be groomed for promotion into a job where you did nothing and got paid a lot.

      Oh, we need to do stuff about security like protecting passwords or credit card data? Meh, spend five minutes on it until the next customer complains then move on. If you don't have enough time to fix a problem, we'll just dump it in the customer's lap and tell them to take a hike because we already completed the contract and cashed their check per SOX requirements.

      This breach and its ramifications do not surprise me one bit. I would be extremely surprised if this was the first breach, and we just did not know about previous ones. That happens when you fire half of MIS, slash their budget, and burden them with arbitrary, nonsensical constraints that prevent them from doing their jobs.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. hahahaahahaha by Anonymous Coward · · Score: 0

    YES

    1. Re:hahahaahahaha by Anonymous Coward · · Score: 2, Funny

      Trump asked Russia to find Oracle's emails.

    2. Re:hahahaahahaha by npslider · · Score: 1

      They did recover the emails, but to everyone's shock and dismay, it was the same message over and over again:

      ALL YOUR DATABASES ARE BELONG TO US!

  3. UNBREAKABLE LINUX by Anonymous Coward · · Score: 1

    But I thought it was unbreakable?

    1. Re:UNBREAKABLE LINUX by Anonymous Coward · · Score: 0

      But I thought it was unbreakable?

      I doubt that the PoS systems are running UEK but nice try...

    2. Re:UNBREAKABLE LINUX by stackOVFL · · Score: 1

      Inconceivable!

  4. This just in! by Anonymous Coward · · Score: 0

    Data breach at (insert company name here)

  5. Couldn't happen to a nicer guy than Larry Ellison by HBI · · Score: 3, Insightful

    I'm sure everyone's going to be falling all over themselves feeling sorry for him.

    At least now Oracle has something to spend those exorbitant license fees on.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  6. Re:Couldn't happen to a nicer guy than Larry Ellis by npslider · · Score: 2

    I'm sure they will find somebody to sue by day's end.

  7. Data Breach by fustakrakich · · Score: 1

    That's a euphemism for "drop point"

    "We take your [ ] very seriously...."

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Data Breach by npslider · · Score: 1

      drop_table::=customers_data_security
      REINDEX legal_team
      add_table::=CEO_Bonus

  8. typical corporate drivel by Anonymous Coward · · Score: 0

    We have been p0wned, but let's spin it as positively as we can, so don't forget to mention that we "addressed" it, and definitely use the word "legacy" to describe the product, then it does not sound as bad.

  9. THEY SAW THIS COMING!!! by Bob_Who · · Score: 1

    That's why we call them ORACLE

    Now close that gaping orifice and don't look so surprised that all computers running all software can actually be hacked by hackers that guess your password.

  10. Re:Couldn't happen to a nicer guy than Larry Ellis by dysmal · · Score: 2

    At least now Oracle has something to spend those exorbitant license fees on.

    Nah. They'll use this as justification for raising prices instead.

  11. "The Ruskies Diddit!" by Tablizer · · Score: 2

    It used to be trendy to blame every breach on N. Korea. Did they take a nap or something?

    1. Re:"The Ruskies Diddit!" by Anonymous Coward · · Score: 0

      People finally started questioning that patsy, so they had to switch to a new one.

    2. Re:"The Ruskies Diddit!" by Anonymous Coward · · Score: 0

      No, it is those evil rich white cracker republican trump supporters that brought it upon themselves by being so evil and racist. Blaming the Rus is sooo yesterday. Blaming evil white Republicans for being too white, is the current trend and will not be goin out of style any-time soon.

      You too can get in on the bandwagon. All you have to do is turn in your brain and believe everythin the media is tellin you. Yes. The Rus are your fiend (just ask Putin). The real enemy is those evil 'black lives matter' folks or those evil white people who want the government to stop taking their land. All land rightfully belongs to the federal government and the political campaign donors living in China, Russia and Mexico.

      Seriously, Niggas and Crackers need to unite and overthrow the corrupt elite political class.

      Your enemy is not blacks / or whites / republicans / democrats; it is the Chinese, Russians and Mexicans who want to turn the USA into a third world hell hole. It is all being done with the complicity of the US media.

  12. Let's blame Oracle. by Anonymous Coward · · Score: 0

    Let's ignore the Chinese / Russian / Mexican hackers that stole the money of USAian citizens. Yes, it is Oracle's problem and the problem of those evil rich entitled white USAians who trusted Oracle with the security of their finances.

    In the 80's this would be raising all sorts of alarms and calls to action. Today it is just business as usual. Rather than turn the U.S. hatred outward to those doing us harm, the U.S. turns its hatred inward and instead worries about 'white privilege' and 'gender inequality'. Yes the problem is not Russia and China that want to destroy you, it is those evil (Republicans | Democrats) who want to (kill black people | turn the USA into a welfare state). The media is controlled by foreign interests who want to destroy the USA. By buying into it, and hatred, you are buying into letting the rest of the world inherit it planet.

  13. This is windfall for Oracle by Anonymous Coward · · Score: 0

    Oracle will charge huge sums to get you fixed. I know this is not true, but what if they (marketing/sales at Oracle) conspired to make this happen?

    If they (Oracle) haven't, and later marketing sees that Oracle made shit tons of consulting fees, I predict more breaches that require Oracle's assistance.

    P.S. I worked for Oracle at one time. I started looking for a job 3 weeks into my employment. Even me as a software engineer, basically a paid coding prostitute, I could not condone the level of legal fuking that Oracle as a company did.

    1. Re: This is windfall for Oracle by Anonymous Coward · · Score: 0

      Blow the whistle then.

  14. Shock, amazement by drinkypoo · · Score: 1

    Micros has always been staggeringly incompetent in all areas. People use them because they have a name, but the system is garbage overall and that kind of system only comes from a garbage mindset. It would be shocking if a company with a product as poor as Micros didn't have poor security.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  15. May be this is a time to have a database firewall by Anonymous Coward · · Score: 0

    Like for network, need one for Oracle. I believe it's called database firewall for Oracle
    datasunrise.com/datasunrise-for-oracle