Data breaches have sadly become common in today’s world. It seems like every month, another company reveals that hackers have exposed their customers’ information due to poor security practices. What’s even more frustrating is when these companies try to downplay or hide the incidents.
Recently, a hacker known as Rose87168 claimed to have accessed Oracle Cloud’s secure servers and stolen approximately 6 million records, impacting over 144,000 clients.
The hacker has threatened to sell the stolen data, which includes sensitive credentials and other important data, unless companies pay to have their information removed.

Additionally, Rose87168 has asked for assistance from other hackers to break the encrypted passwords in exchange for some of the stolen information.

After the hacker shared a small sample of the stolen data, Oracle told Bleeping Computer that there was no breach of their cloud service.
However, following Oracle’s denial, the hacker began to leak evidence to the media and cybersecurity experts. Investigations by security firms like Hudson Rock and CloudSEK confirmed that the stolen data appears to be authentic.
Experts from CloudSEK suggested that the hacker exploited a zero-day vulnerability in Oracle’s access management software related to Oracle Fusion Middleware to gain access without needing authentication.
Many cybersecurity professionals were shocked by Oracle’s denial, especially since multiple firms have verified the breach independently. Hudson Rock’s CTO, Alon Gal, expressed his disbelief on LinkedIn about Oracle’s response.

Trustwave SpiderLabs also reviewed the situation and confirmed that the leaked data indeed came from Oracle Cloud servers. They stated that the information included a detailed user directory, likely taken from corporate identity management systems.
The leaked data contains personally identifiable information such as names, email addresses, job titles, and phone numbers. The hacker even shared a recording of an internal meeting at Oracle, raising further concerns about the extent of the breach.

Trustwave highlighted that such leaked information poses serious risks to the affected organizations. Cybersecurity expert Kevin Beaumont pointed out that Oracle has rebranded older services as “Oracle Classic,” suggesting that the company’s wording in its denial might be misleading.
Despite the serious nature of the breach, Oracle has not provided any further comments since their initial denial.
Beaumont criticized the company’s silence as irresponsible, while Gal called their lack of transparency alarming. Without guidance from Oracle, Gal directed affected clients to follow CloudSEK’s recommendations to help mitigate the potential damage from the leak.