You are using an older browser version. Please use a supported version for the best MSN experience.

Oracle data breach opened credit card payment systems to attack

Engadget Engadget 9/08/2016 Jon Fingas
© Provided by Engadget

Data thieves don't always have to go straight to the source to swipe payment details... sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It's not certain just how many systems were breached (Krebs' sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn't have had direct access to payment data, but there's a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.

Oracle is quick to stress that it has "addressed" the rogue code, and that its other services weren't affected. The payment details themselves are encrypted both in the database and when in use, too, so attackers couldn't easily make use of it. However, there are hints that a well-known Russian criminal group, the Carbanak Gang, may have been involved -- the hackers likely knew what they could get. And when Micros' users include heavyweights like Adidas, Burger King and Hilton, there's a worry that the culprits got the keys to someone's kingdom.

Krebs on Security

More from Engadget

image beaconimage beaconimage beacon