Last month, a hacker claimed responsibility for a cyberattack against Oracle Cloud. In a post on BreachForums, the cybercriminal stated that he had gained control of 6 million data records by compromising the American company's servers. The breach is believed to have affected more than 140,000 companies worldwide.
Many Oracle Cloud customers quickly confirmed a massive data leak. For its part, Oracle firmly denied any intrusion into its servers. The American group confidently asserted that "there has been no breach of Oracle Cloud" and that no "Oracle Cloud customer has experienced a breach or lost data". Faced with Oracle's frantic denials, the hacker published a myriad of samples, the authenticity of which was corroborated by researchers.
Oracle Confirms a Leak
After several days of silence, Oracle finally confirmed that an intrusion had hit its infrastructure. As reported by Bloomberg, Oracle said that a hacker entered the system and stole old login information belonging to some customers. Oracle informed some of its customers that a hacker had accessed encrypted usernames, access keys, and passwords.
However, the firm continues to assure that there was "no breach of Oracle Cloud". According to the American group, "the published credentials are not linked to Oracle Cloud" and "no Oracle Cloud customers suffered a breach or lost data." So there was indeed an intrusion, but it did not affect Oracle Cloud.
Oracle Is Playing on Words
In fact, the attack hit Oracle Classic, which is not the same as Oracle Cloud. As researcher Kevin Beaumont explains, "Oracle renamed its legacy Oracle Cloud services to Oracle Classic." So it was Oracle Classic that "was impacted by the security incident." In other words, the vendor is playing with words to minimize the seriousness of what happened.
The company informed customers that the system in question had not been used for eight years, and that the stolen credentials are of little interest to hackers. Researcher Karl Sigler qualifies Oracle's statements and believes that this is still a significant data set, which hackers could use to send phishing emails. In parallel with Oracle's announcements, the FBI opened an investigation into the incident with the support of security researchers from CrowdStrike.
Two Leaks at Oracle
A few days earlier, Oracle also revealed that it had been the victim of an attack against Oracle Health, a subsidiary of Oracle Corporation specializing in information technology for the healthcare sector. Several American healthcare organizations and hospitals were affected. Patient data was stolen during the incident.
According to BleepingComputer, a hacking gang is currently using the stolen data to try to extort money from hospitals. This leak has nothing to do with the Oracle Cloud Classic breach, the company says. Once again, the FBI has stepped in, opening an investigation into the leak and the ongoing extortion attempts.
Source: Bloomberg
