A security breach at Oracle has affected more than 700 internal systems in an attack believed to have been perpetrated by cyber criminals operating from Russia.
The company has admitted that "malicious code" was detected in, and removed from, "certain legacy MICROS systems". There are more than 330,000 Oracle MICROS cash registers in use around the world.
This admission raises questions over how long the attackers had access to some of Oracle's internal systems, and what they were able to do.
The customer support portal for companies using Oracle's MICROS credit card payment systems also appears to have been breached, and users have been urged to change their passwords.
Oracle admitted in an email to security researcher Brian Krebs, who publicly exposed the breach, that the break-in is still being investigated and that the firm does not yet not know how the attackers gained access to internal systems.
"Sources close to the investigation say Oracle first considered the breach to be limited to a small number of computers and servers at the company's retail division," wrote Krebs.
"That source said that soon after Oracle pushed new security tools to systems in the affected network, investigators realised the intrusion affected more than 700 infected systems."
Krebs claimed that he started investigating the incident just two weeks ago after being contacted by an Oracle MICROS customer who had heard about a "potentially large breach" at Oracle's retail division.
Further investigation by Krebs suggested that malware on Oracle's MICROS customer support portal was observed communicating with a server known to be used by Russia's notorious Carbanak gang.
Carbanak is believed to have stolen more than $1bn from banks, retailers and other companies in recent years, indicating that the breach was the work of proficient crackers and not 'script kiddies'.
"A source briefed on the investigation says the breach likely started with a single infected system inside Oracle's network that was then used to compromise additional systems," said Krebs.
"Among those was a customer ‘ticketing portal' that Oracle uses to help MICROS customers remotely troubleshoot problems with their point-of-sale systems.
"Those sources further stated that the intruders placed malicious code on the MICROS support portal, and that the malware allowed the attackers to steal MICROS customer user names and passwords when customers logged in to the support website."
Oracle has released relatively little information about the scope of the breach, but has insisted that none of its cloud offerings was affected.
However, the company has sent V3 a copy of the email that it is sending to MICROS customers.
"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems. Oracle's corporate network and other cloud and service offerings were not affected by this code. Payment card data is encrypted at rest and in transit in the MICROS hosted environment," the email said.
"To prevent a recurrence, Oracle implemented additional security measures for the legacy MICROS systems. Consistent with standard security remediation protocols, Oracle is requiring MICROS customers to change the passwords for all MICROS accounts.
"We also recommend that you change the password for any account that was used by a MICROS representative to access your on-premise systems."
Oracle also attached a series of FAQs and advised users to contact MICROS support for further information.
MICROS is one of the big three point-of-sale systems vendors worldwide, and was acquired by Oracle in June 2014 in a $5.3bn deal.
Just two years earlier, MICROS had acquired the UK's Torex Retail in a £114.5m cash deal. UK customers include fashion chains River Island and Monsoon, and hotel chain Best Western.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago