submitted 1 week ago* (last edited 1 week ago) by zaxvenz@lemm.ee to c/technology@lemmy.world

https://archive.ph/zFw3e

Earlier this month, a threat actor going by Rose87168 claimed to have breached Oracle Cloud's federated SSO servers and exfiltrated around 6 million records, affecting over 144,000 Oracle clients. The hacker provided an internal customer list and threatened to sell the data unless clients paid to remove their data from the trove, which included single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, tenant data, and more. Rose87168 has also solicited help from the hacking community to crack the hashed password in trade for some of the data.

[-] Stovetop@lemmy.world 76 points 1 week ago

Fuck Oracle.

[-] Mora@pawb.social 43 points 1 week ago

I hope Oracle will finally send out mails to the affected customers. No idea if I am affected, as Oracle's login process is so convoluted that I have no desire to deal with it or understand it.

[-] TedDallas@programming.dev 38 points 1 week ago

Oracle is a public company. Public companies must file data breaches with the SEC or they can get into some hot water. They are not run by smart people.

[-] phoenixz@lemmy.ca 7 points 1 week ago

You mean the SEC in the US? You're kidding, right? Nobody cares about any of that anymore. Does the SEC even still exist? Worst case scenario, Oracle just gives some money to Cheeto and they're done.

[-] timewarp@lemmy.world 22 points 1 week ago

Because they can hide it & not face any consequences.

[-] AlecSadler@sh.itjust.works 18 points 1 week ago

The number of clients I've worked with who are "stuck" with Oracle passes the 50% mark and I'm just one person.

One company said that Oracle offered them a de-obfuscation tool to migrate elsewhere for a mere $2M. Absurd.

Fuck Oracle.

[-] MonkderVierte@lemmy.ml 6 points 1 week ago

Uh, what, you can't just pull your data and move elsewhere?

[-] barsoap@lemm.ee 6 points 1 week ago* (last edited 1 week ago)

Oracle is not a tech company, it's a racket run by an army of lawyers. Obligatory link to Bryan Cantrill's talk.

[-] AnUnusualRelic@lemmy.world 1 points 1 week ago

In that market, it might be a decent deal.

[-] elvith@feddit.org 13 points 1 week ago

Ok, who of you guys is working with Oracle Cloud and has not yet rerolled all API/Access Keys, passwords and so on? And what company do you happen to work for? ^Just asking for a friend^

[-] dangercake@feddit.uk 5 points 1 week ago

Omg we have the same friend! Also no 😬

this post was submitted on 31 Mar 2025
451 points (99.3% liked)
