Slashdot Mirror


Data Breach At Oracle's MICROS Point-of-Sale Division (krebsonsecurity.com)

Brian Krebs reports: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems." It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal. MICROS is among the top three point-of-sale vendors globally. Oracle's MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS's systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

  1. We all saw this coming by npslider · · Score: 5, Funny

    Oracle IT must have forgotten to update to the latest version of Java.

    1. Re:We all saw this coming by NotInHere · · Score: 4, Funny

      They didn't want to accidentally install the free Ask! toolbar.

    2. Re:We all saw this coming by npslider · · Score: 1

      From java.com:

      "What are the features of the Ask Shopping toolbar?

      The Shopping toolbar by Ask enhances user shopping experience by offering an enhanced shopping search results, links to popular shopping sites and/or content such as coupons, special offers and the latest deals from many merchants. It includes rich content, a variety of product listings and visual product search results."

      Why wouldn't they want this? It seems like it would only benefit customers who want an enhanced shopping experience...

    3. Re:We all saw this coming by Anonymous Coward · · Score: 1

      Which, I believe, is version 8 build 94726875872565651898209049982

      As we all know, the major improvement over build 94726875872565651898209049981 is to patch 864 zero day vulnerabilities that were discovered 4 months ago.

    4. Re:We all saw this coming by Anonymous Coward · · Score: 1

      I worked at Micros for about 5 minutes. If you only knew the total ineptness around that place and the total I-don't-care attitude that everyone has, you would know why their systems are complete crap. Go into their SaaS services and now you have a total joke; there was a time where they had an outage every day and about 70% uptime. Couldn't work there, had to leave.

    5. Re:We all saw this coming by Tablizer · · Score: 1

      What, no ability to leverage synergy? Bah!

    6. Re:We all saw this coming by The+Snowman · · Score: 1

      Five minutes? I worked there for more than five years and I am still amazed at the ineptitude and laziness I encountered there. Some individuals took their jobs seriously, but the whole work environment was all about whose dick you were sucking and trying to be groomed for promotion into a job where you did nothing and got paid a lot.

      Oh, we need to do stuff about security like protecting passwords or credit card data? Meh, spend five minutes on it until the next customer complains then move on. If you don't have enough time to fix a problem, we'll just dump it in the customer's lap and tell them to take a hike because we already completed the contract and cashed their check per SOX requirements.

      This breach and its ramifications do not surprise me one bit. I would be extremely surprised if this was the first breach, and we just did not know about previous ones. That happens when you fire half of MIS, slash their budget, and burden them with arbitrary, nonsensical constraints that prevent them from doing their jobs.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. UNBREAKABLE LINUX by Anonymous Coward · · Score: 1

    But I thought it was unbreakable?

    1. Re:UNBREAKABLE LINUX by stackOVFL · · Score: 1

      Inconceivable!

  3. Couldn't happen to a nicer guy than Larry Ellison by HBI · · Score: 3, Insightful

    I'm sure everyone's going to be falling all over themselves feeling sorry for him.

    At least now Oracle has something to spend those exorbitant license fees on.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  4. Re:hahahaahahaha by Anonymous Coward · · Score: 2, Funny

    Trump asked Russia to find Oracle's emails.

  5. Re:Couldn't happen to a nicer guy than Larry Ellis by npslider · · Score: 2

    I'm sure they will find somebody to sue by day's end.

  6. Data Breach by fustakrakich · · Score: 1

    That's a euphemism for "drop point"

    "We take your [ ] very seriously...."

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Data Breach by npslider · · Score: 1

      drop_table::=customers_data_security
      REINDEX legal_team
      add_table::=CEO_Bonus

  7. THEY SAW THIS COMING!!! by Bob_Who · · Score: 1

    That's why we call them ORACLE

    Now close that gaping orifice and don't look so surprised that all computers running all software can actually be hacked by hackers that guess your password.

  8. Re:Couldn't happen to a nicer guy than Larry Ellis by dysmal · · Score: 2

    At least now Oracle has something to spend those exorbitant license fees on.

    Nah. They'll use this as justification for raising prices instead.

  9. Re:hahahaahahaha by npslider · · Score: 1

    They did recover the emails, but to everyone's shock and dismay, it was the same message over and over again:

    ALL YOUR DATABASES ARE BELONG TO US!

  10. "The Ruskies Diddit!" by Tablizer · · Score: 2

    It used to be trendy to blame every breach on N. Korea. Did they take a nap or something?

  11. Shock, amazement by drinkypoo · · Score: 1

    Micros has always been staggeringly incompetent in all areas. People use them because they have a name, but the system is garbage overall and that kind of system only comes from a garbage mindset. It would be shocking if a company with a product as poor as Micros didn't have poor security.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"