Skip to main content

Be alert, cash register credit card readers may be compromised by Oracle breach

oracle By Peter Kaminski via Flickr
Image used with permission by copyright holder
Watch your credit card accounts. A major data breach at Oracle by a Russian organized cybercrime group may have compromised more than 330,000 Micros point-of-sale credit card payment readers worldwide, according to Krebs on Security. If that’s the case, data from cards swiped at those registers could be stolen and used on dummy cards to make high ticket purchases.

Update – Oracle’s Corporate Communications, Director of Industries Michael Diamond contacted Digital Trends with a copy of a letter send to Micros customers, emphasizing the following sentence,  “Payment card data is encrypted both at rest and in transit in the MICROS hosted environment.” When asked for clarification about point-of-sale card swipe devices and potential malware threats, Oracle declined to comment, stating that the customer letter is the company’s statement. So unanswered questions remain about past and present vulnerability.

Recommended Videos

Oracle’s Micros division is one of the top three point-of-sale system vendors in the world. KrebsonSecurity followed up in late July on a tip from an Oracle Micros customer. The customer had been informed by Oracle that a breach in its retail division likely affected only Oracle staff. On further investigation, according to KrebsonSecurity sources, Oracle found more than 700 impacted systems.

Please enable Javascript to view this content

KrebsonSecurity’s Oracle sources, speaking without permission from their employer to speak on the record, revealed that the Micros customer support portal was compromised. This is a support system used by merchants who use the credit card payment system, not the merchant’s customers. The portal was communicating with a server associated with an infamous Russian group called the Carbanak Gang.

The experts said a single system spread the malware to other systems including a customer portal that helps Micros merchant customers troubleshoot problems. The malware stole the usernames and passwords of people logging in to the support portal.

Oracle told KrebsonSecurity it is forcing a password reset on Micros support accounts and telling them that, “We also recommend that you change the password for any account that was used by a Micros representative to access your on-premises systems.”

The issue with “on-premises systems” does potentially reach down to individual consumers who swipe their cards at cash registers, according to KrebsonSecurity. It the malware communicated with individual terminals it could potentially send card-stealing malware to the devices to capture credit card and account data. If that happened, the card data could be transferred into the wrong person’s hands, and that’s never good for you. Because Oracle will not answer further questions, we suggest you remain alert and check your credit card accounts regularly.

Updated by Bruce Brown 08-09-16: Updated after contacted by Oracle with a copy of the letter the company sent to Micros customers.

Bruce Brown
Bruce Brown Contributing Editor   As a Contributing Editor to the Auto teams at Digital Trends and TheManual.com, Bruce…
Biden uses an executive order to open federal sites for AI
inside of a data center

President Biden signed an executive order Tuesday designed to ensure that the AI industry will have plenty of compute and electrical power in the coming years by making federal lands available to expansive data centers and clean energy production facilities.

Specifically, the order directs federal agencies to fast-track large-scale AI infrastructure projects on federal land, make more federal sites available for data center and energy production projects, as well as integrate the new infrastructure into the local power grid. Both the Department of Energy and the Department of Defense are to each find three sites within their holdings where private companies might be able to build AI data centers before running “competitive solicitations” from prospective builders on those sites.

Read more
FBI to ‘remove’ this nasty malware that’s affected 2.5 million PCs
An individual surrounded by several computers typing on a laptop.

A malware originating from China has now been contained after the FBI gained a court order to have the harmful code deleted from thousands of Windows PCs.

The agency has successfully put an end to the reign of the PlugX malware in the U.S., which has affected over 2.5 million devices globally by infiltrating infected USB drives, PCMag noted.

Read more
This phenomenal Acer gaming laptop is $450 off at Best Buy
The Acer Predator Helios on a white background.

With the recent announcement of the Nvidia RTX 50-series of GPUs launching from the end of this month, we’re spotting some great gaming laptop deals for all things 40-series. While they may soon no longer be the latest hardware, they’re still going to offer exceptional gaming performance for a long time to come. One highlight is being able to buy the Acer Predator Helios 18 at Best Buy for $2,550 instead of $3,000. Packed with high-end hardware, here’s why it’s one of the best laptop deals around.

Why you should buy the Acer Predator Helios
The Acer Predator Helios is a supremely powerful gaming PC that is sure to rival pretty much all the best gaming laptops out there. It uses a 14th-generation Intel Core i9-14900HX processor along with packing 32GB of RAM and 1TB of SSD storage. If we were being picky, maybe more RAM or storage would have been perfect, but this is still pretty great. Alongside that, there’s a GeForce RTX 4090 GPU which is near impossible to beat (until the 50-series launches).

Read more