Oracle, a software giant that makes point-of-sale credit card systems, has reportedly seen a massive security breach that could have far-reaching implications for its customers. According to security journalist Brian Krebs, a Russian cybercrime group has gained access to Oracle’s systems, including the customer portal for businesses that use its credit card processing systems. As you might imagine, this is not good.
Oracle confirmed to Krebs that it had “detected and addressed malicious code in certain legacy MICROS systems,” and is telling customers to reset username and passwords. The Micros systems are credit card processing terminals used by hotels, banks, restaurants, and hundreds of thousands of other businesses.
According to Krebs’s source, the Micros customer service portal was seen communicating with a server owned by the Carbanak Gang, a Russian cybercrime group. Worst-case scenarios would involve malware being uploaded to customers’ POS terminals, which could be used to skim the card details of millions of customers.
Krebs first learned of the breach on July 25th, although it’s unclear when Oracle first discovered the breach. It’s thought that the malware started on one device, but subsequently spread to 700+ machines. The infected customer service portal may well not be the end of it.
As a credit-card-wielding consumer, you probably interact with Micros terminals multiple times per week. Until the extent of the security breach can be discovered and fixed, using a chip card (or secure mobile payment like Apple Pay) where possible should limit the chances for your card details to be stolen.