Be alert, cash register credit card readers may be compromised by Oracle breach

oracle By Peter Kaminski via Flickr
Watch your credit card accounts. A major data breach at Oracle by a Russian organized cybercrime group may have compromised more than 330,000 Micros point-of-sale credit card payment readers worldwide, according to Krebs on Security. If that’s the case, data from cards swiped at those registers could be stolen and used on dummy cards to make high ticket purchases.

Update – Oracle’s Corporate Communications, Director of Industries Michael Diamond contacted Digital Trends with a copy of a letter send to Micros customers, emphasizing the following sentence,  “Payment card data is encrypted both at rest and in transit in the MICROS hosted environment.” When asked for clarification about point-of-sale card swipe devices and potential malware threats, Oracle declined to comment, stating that the customer letter is the company’s statement. So unanswered questions remain about past and present vulnerability.

Oracle’s Micros division is one of the top three point-of-sale system vendors in the world. KrebsonSecurity followed up in late July on a tip from an Oracle Micros customer. The customer had been informed by Oracle that a breach in its retail division likely affected only Oracle staff. On further investigation, according to KrebsonSecurity sources, Oracle found more than 700 impacted systems.

KrebsonSecurity’s Oracle sources, speaking without permission from their employer to speak on the record, revealed that the Micros customer support portal was compromised. This is a support system used by merchants who use the credit card payment system, not the merchant’s customers. The portal was communicating with a server associated with an infamous Russian group called the Carbanak Gang.

The experts said a single system spread the malware to other systems including a customer portal that helps Micros merchant customers troubleshoot problems. The malware stole the usernames and passwords of people logging in to the support portal.

Oracle told KrebsonSecurity it is forcing a password reset on Micros support accounts and telling them that, “We also recommend that you change the password for any account that was used by a Micros representative to access your on-premises systems.”

The issue with “on-premises systems” does potentially reach down to individual consumers who swipe their cards at cash registers, according to KrebsonSecurity. It the malware communicated with individual terminals it could potentially send card-stealing malware to the devices to capture credit card and account data. If that happened, the card data could be transferred into the wrong person’s hands, and that’s never good for you. Because Oracle will not answer further questions, we suggest you remain alert and check your credit card accounts regularly.

Updated by Bruce Brown 08-09-16: Updated after contacted by Oracle with a copy of the letter the company sent to Micros customers.


Happy Valentine’s Day! Coffee Meets Bagel dating app data may have been breached

Are you planning on using Coffee Meets Bagel to find love on Valentine's Day? If you've been using the app for a while, you'll probably want to change your password -- the company said a data breach may have taken place before May 2018.

500px reveals almost 15 million users are caught up in security breach

Almost 15 million members of portfolio website 500px have been caught up in a security breach. The hack occurred in 2018 but was only discovered last week. Users are being told to change their 500px password as soon as possible.

Forgot your Android password or PIN? Here’s what you need to do

It’s a horrible feeling when you forget your Android password, PIN, or pattern and can’t access your smartphone. Thankfully, there are some things you can do to gain access to your device. Find out what your options are right here.

Use one of these password managers to help protect yourself online

The internet can be a scary place, especially if you don't have a proper password manager. This guide will show you the best password managers you can get right now, including both premium and free options.

Opera web browser targets enhanced accessibility with major redesign

The browser wars are heating up. In the latest move for Opera, a new development release pushes it even closer to Chrome with a redesign and overall goal of redefining the modern web browser. 

Breaking: Amazon won’t build headquarters in New York in face of opposition

Amazon has canceled plans for a New York City headquarters afer citizens, civic groups, and politicians pushed back on Governor Andrew Cuomo and New York City Mayor Bill de Blasio's exclamation of economic joy over Amazon's earlier…

DLSS is finally arriving in games, but how does Nvidia's super-sampling actually work?

Nvidia's new DLSS technology is exciting, but what is it and how does it work? It's not quite anti-aliasing and it's not quite super sampling. It's a little bit of both and the end results can be impressive.

A new Mac Pro is supposedly coming in 2019, but what will it be like?

Our Mac Pro 2019 rumor roundup covers all the top news, leaks, and rumors about the new Mac Pro set to be announced sometime in 2019. Here's what Apple has said, what the experts think, and what's likely to show up with the new Mac Pro.

Take to the virtual skies with these free flight simulators

You don't have to spend the entirety of your paycheck to become a virtual ace, at least when it comes to flight simulation. Our list of the best free flight simulators will let you unleash your inner Maverick.

Wage war on a budget with these fun and free first-person shooters

We all know about Halo and Call of Duty by now, but what about quality titles that won't cost you upward of $60? Check out our picks for the best free first-person shooter games from Paladins to Quake Champions.

Enjoy Windows on a Chromebook with these great tips and tricks

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so in case you're looking to nab some Windows-only software.

Switch your WMA files for MP3s with our quick conversion tips

The WMA codec may be great when it comes to multi-channel surround sound, but unfortunately, it falters in terms of compatibility. Check out our guide on how to convert WMA files to MP3 via web-based or desktop methods.

Looking for a new laptop? These 5 notebooks are on sale through Presidents’ Day

If you're ready to ditch your aging notebook, you can score some fantastic Presidents' Day savings right now on Microsoft's Surface Pro 6, Dell's XPS 13, HP's Spectre x360, Lenovo's Yoga C930, and Dell's G5 15 Gaming laptops.
Virtual Reality

Getting into VR is spendy. Which headset is truly worth your hard-earned cash?

Virtual reality has finally gone mainstream, but how do you find the best VR headset for you? Check out a few of our favorites, whether you want the best of the best or a budget alternative for your mobile device.