Overview of the Incident
Oracle Corp has confirmed to its customers that hackers compromised its systems and stole historical client login data. The disclosure follows initial denials from the company and marks its second security breach reported in recent months.
Details of the Breach
According to information obtained by Bloomberg, the breach affected what Oracle referred to as a “legacy environment” where attackers gained unauthorized access to essential authentication information, including usernames, encrypted passwords, and passkeys.
Investigations and Responses
The severity of the issue has prompted Oracle to engage the services of the FBI and cybersecurity firm CrowdStrike to conduct a thorough investigation into the breach.
Contradictions and Initial Denials
The confirmation stands in stark contrast to Oracle’s previous assertions. The company had firmly denied any breach, especially when initial reports surfaced in March about a threat actor attempting to sell almost 6 million Oracle data records. Oracle’s statement at the time emphasized that there had been “no breach of Oracle Cloud” and gave assurances that no data had been lost.
Scope and Impact of the Attack
The breach has exposed significant vulnerabilities within Oracle’s systems. Security experts have criticized Oracle’s handling of the incident, pointing out maneuvers such as rebranding compromised systems to downplay the severity of the situation.
Further Complications and Legal Repercussions
Oracle’s challenges are compounded by additional breaches, including one involving healthcare data from legacy Cerner servers. The company’s approach to these security incidents has begun to spark legal actions, with a class-action lawsuit citing negligence in securing sensitive information.
Implications for Cloud Security
These continuous breaches challenge the fundamental promises of cloud security, notably the tenant isolation and breach containment strategies that many customers rely on.
Conclusion
As these breaches unfold, Oracle maintains its strategy of private disclosures, without making public statements. The continued investigations are closely watched by industry observers and customers alike, highlighting the need for robust security measures in cloud services.
Last Updated: April 8, 2025