The Oracle data breach drama continues, with some of the company’s customers verifying the validity of the data hackers claimed to steal from the company.
Last week, data purportedly from six million Oracle customers was put online for sale. The hacker claimed to have exfiltrated the data via a breach of Oracle Cloud federated SSO login servers, as well as other services. According to BleepingComputer, the data included authentication information and encrypted passwords, with the hacker claiming the passwords could be decrypted using the stolen files.
Oracle has denied the hacker’s claims.
“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” the company told the outlet last week.
Despite Oracle’s claims, its customers are confirming the validity of the data samples the hackers provided as proof of the breach. BleepingComputer says it reached out to multiple companies who confirmed the data samples were valid.
A Major Embarrassment for Oracle
If the hackers claims are true—and the independent verification from Oracle customers are making this seem more likely—such a breach would be a major embarrassment for Oracle, and at the worst possible time.
Larry Ellison has often touted the company’s cloud security, especially in relation to its larger rivals. Ellison has is also pushing for vast AI surveillance systems, systems in which unimpeachable security would be a requirement.
A possible Oracle data breach is a worst-case scenario for the company, and could undo much of the progress it has made against larger rivals, as well as jeopardize Ellison’s ambitions.
It seems those within the company are aware of the stakes, with the hacker sharing threads with BleepingComputer that show someone purportedly from Oracle insisting that all communication be done via a Proton email account.
“We received your emails. Let’s use this email for all communications from now on. Let me know when you get this.”
If this claim is also true, it underscores the efforts the company may be going to in order to keep a lid on a possible breach.
from WebProNews https://ift.tt/cOFPyKa
No comments:
Post a Comment