Oracle attempt to hide cybersecurity incident from customers?
a year ago
- #data-breach
- #Oracle
- #cybersecurity
- Oracle is facing a serious cybersecurity incident involving their SaaS services, with evidence suggesting a breach.
- A threat actor named rose87168 claims to have breached Oracle services and provided proof, including internal meeting recordings and configuration files.
- Oracle denies a breach of Oracle Cloud but evidence shows customer data was compromised, including staff email addresses.
- Oracle is attempting to downplay the incident by using specific wording and avoiding written confirmations, only providing verbal updates to customers.
- The incident involves Oracle Classic (formerly Oracle Cloud services), and Oracle is using wordplay to avoid responsibility.
- Multiple Oracle customers have confirmed breaches of their services, with Oracle only acknowledging the issue verbally.
- The threat actor continues to release data and threatens to release more, with some data verified by cybersecurity experts and journalists.
- Oracle has requested the removal of evidence from Archive.org but missed some URLs, leaving traces of the breach.
- The behavior mirrors Oracle's handling of a previous breach at Oracle Health, where details were only shared verbally.
- Additional security issues with Oracle Classic (OCI Gen1) are under investigation.