Oracle-owned MICROS PoS systems vendor breached

MICROS, the point-of-sale payment systems vendor owned by Oracle, has suffered a data breach, and there are indicators that point to the infamous Carbanak (aka Anunak) cybercriminal gang being the culprit.

MICROS is one of the biggest PoS vendors in the world – its PoS systems are used by many companies in the retail and hospitality industry, such as Ikea, BurgerKing, Starbucks, Hilton, Hyatt, Accor Hotels, and many others.

According to Brian Krebs‘s sources, the breach started with a single infected system in Oracle’s network, and the attackers hopped from there to other systems, including a customer support portal that Oracle uses to help MICROS customers remotely troubleshoot problems with their PoS systems.

Apparently, this portal was found to be communicating with a server that has previously been tied to the Carbanak gang.

While the extent of the breach is still unknown, Oracle has asked MICROS customers to change the password they use for the affected portal, as well as the passwords for any account that was used by a MICROS representative to access their on-premises systems.

The company said that its corporate network, cloud and service offerings were not compromised in the breach, and that “payment card data is encrypted both at rest and in transit in the MICROS hosted customer environments.”

Still, all that means little to MICROS customers, who are – hopefully – checking their PoS systems for installed malware right now.

As it’s still unknown how far back the breach goes, it seems possible that the Hilton, Starwood, and Hyatt PoS system compromises in 2015 and early 2016 were made possible by the MICROS breach.