Oracle has suffered a data breach within its retail unit.
The cloud giant discovered malicious software on systems running its network of MICROS payment terminals, the company confirmed in an email to Fortune. In addition to affecting hundreds of the company’s computers, the breach affects an online support portal that allows Oracle to remotely address customers’ issues concerning their cash register-connected terminals, Brian Krebs, an independent cybersecurity journalist, first reported on his site Krebs on Security on Monday, citing people briefed on the matter.
The malware planted on Oracle’s systems enabled attackers to steal customers’ login credentials, Krebs noted. In response, Oracle said it is forcing users of the service to change their account passwords, adding that the breach does not affect its other corporate networks, cloud services, and systems.
Get Data Sheet, Fortune’s technology newsletter.
The MICROS system compromise could explain why so many shops, hotels, and retail outlets have been suffered breaches at their point of sale systems in the past months, said Avivah Litan, an analyst in Gartner (it). Asked whether she believed that this breach has something to do with a recent spate of stolen payment card data in retail and hotel hacks, Litan told Fortune, “I think it’s very likely.”
“If they’re MICROS customers, this would 100% explain that,” she said on a call.
MICROS point-of-sale technology, which Oracle (orcl) acquired for $5.3 billion in late 2014, is used by companies in hoteling: (Hyatt (h), Marriott (mar), Hilton (hlt), food and beverages: (Yum (yum), Starbucks (sbux), Burger King (bkw), and retail: (Ikea (ikea), BJ’s (bj), Adidas (addyy).
According to a 2014 Oracle power point presentation, MICROS is used by 330,00 sites across 180 countries. That would make it one of the three largest providers of point of sale tech worldwide, alongside Verifone (pay) and Ingenico (ingiy).
For more on Oracle, watch:
Krebs cited the Carbanak Gang, a group of cybercriminals that security experts have said stole more than $1 billion from financial firms and others in recent years, as a possible perpetrator of the attack. One of the group’s computer servers was found to be in contact with the malware, unnamed sources told him.
Here is the note from Oracle concerning the breach, obtained by Fortune, in full: