The intrusion occurred through Micros – Oracle portal for processing credit cards. Companies such as Adidas, Burger King & Hilton could be affected due to this breach.
Hackers need not always hack into a company directly to access its customer’s credit card details. A roundabout route can often lead to direct access. Although this appears to be a contradiction in terms, this is not so.
Case in point: Database giant Oracle has confirmed to Brian Krebs, a noted computer security expert that hackers may have managed to get access to Oracle’s credit card system by taping its support portal for Micros – a point-of-sale credit card processing system that it acquired in 2014.
The jury is out on how many systems were compromised, although according to Krebs it could be nearly 700.
The intruders have installed malware into the portal and were mining digital gold by logging the user credentials of all companies which used Micros. Although they didn’t have direct access to the credit card data, there is however the very real possibility that the account details that have been captured by them could be used to install malware into the credit card systems so as to get access to the sensitive information.
Oracle has gone to lengths to stress the fact that it has “addressed” the rogue code and that its other services haven’t been affected. Thankfully, Oracle has stored the credit card data encrypted in its database. Even if the hackers did manage to access it, they now have to break the encryption to get to the data.
It is possible that the Carbanak Gang, a Russian criminal group, may be involved in this hack since the attackers seem to know precisely what they were after.
Significantly, the heavyweights who can be counted as Micros’ customers include, Burger King, Adidas, and Hilton.
Although the hackers may not have gained access to unencrypted credit card data, there is a real worry that they may have gained access to someone else’s kingdom.