Oracle customers confirm data stolen in alleged cloud breach is valid
Read More
0 items
-
$0.00
0
Oracle customers confirm data stolen in alleged cloud breach is valid
Read More
Be the first to know the latest updates
Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.
6 Comments
2thumbsup
Alone the fact that Oracle was hosting their login gateway on a product with a known vulnerability from 2021 with a CVSS score of 9.8 is quite disturbing.
az226
Classic, Oracle denying breach despite clear evidence.
ziddoap
>BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
>In addition to the data, rose87168 shared an Archive.org URL with BleepingComputer for a text file hosted on the "login.us2.oraclecloud.com" server that contained their email address. This file indicates that the threat actor could create files on Oracle's server, indicating an actual breach.
Oracle probably should have just admitted the validity up front.
It's not like there are any real penalties to a breach. Lying about it is probably a worse PR hit than the breach itself.
xyst
> In this email exchange, the threat actor says someone from Oracle using a @proton.me email address told them that "We received your emails. Let’s use this email for all communications from now on. Let me know when you get this."
E-mails are one of the sources at most public companies that are required to retain for a period of time (7 yrs?). Probably trying to avoid a paper trail?
Data breaches, unfortunately, have no impact to stock. Companies that use Oracle products are unlikely to migrate any time soon.
_future_ sales may be impacted and maybe some smaller players can migrate off. But Oracle will downplay it as much as possible.
“Deny. Delay. Defend.” Is not just a health insurance slogan.
6stringmerc
Okay having worked at a top 3 insurance broker about 10 years ago when “Cyber” policies were being rolled out (h/t Beasley)…I wonder who underwrote Oracle’s policy and how much it was in that tower? No policy? Hope the D&O can cover the shareholder lawsuits! Wait, something something cozy with administration in power, rules subject to interpretation, etc.
Then again, Tyler Technologies blamed Judyrecords.com for their exposing reams of sealed cases in California because of their flawed obfuscation system and claimed it was a security breach (somehow skated on accountability there).
Rule #1 of a breach is never write the word breach in an email, hence the discussion off their dot com I figure…
thedougd
If you ran Oracle you’d appreciate why it wasn’t patched. They do not make it easy.