
Exposed Oracle Data Validated by Customers Amid Breach Denial

Organisations corroborate claims of breached Oracle data.


Numerous organisations have corroborated data purported by threat actor "rose87168" to be among the six million records stolen from Oracle Cloud federated single sign-on login servers.

Whilst Oracle dismissed claims of a breach of Oracle Cloud, saying that the published credentials are not for the Oracle Cloud, representatives of impacted organisations, speaking under the condition of anonymity, confirmed that all LDAP display names, given names, email addresses, and other information exposed by rose87168 were legitimate.

In a post on BreachForums, rose87168 alleged breaking into Oracle Cloud's servers through a vulnerability, which CloudSEK believes might have been CVE-2021-35587.

Aside from providing an email sent to Oracle's security email address warning of the server compromise, the threat actor also shared with BleepingComputer an email thread with a supposed Oracle representative, who used a ProtonMail email address and requested the use of that address for communications regarding the incident.

Adam Pilton, senior cybersecurity consultant at CyberSmart, said: "Oracle’s outright denial of a breach appears increasingly tenuous given that affected customers have now verified their stolen data as genuine.

"While Oracle’s security incident policy states that they will notify all concerned parties ‘promptly’ in the event of a breach, it also notes that ‘information about malicious attempts or suspected incidents and incident history are not shared externally.’ This raises the question of whether Oracle is classifying this as a ‘suspected incident’ rather than a confirmed breach."

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
