1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Oracle quietly confirms public cloud data breach, customer data s

    From TechnologyDaily@1337:1/100 to All on Tue Apr 8 12:15:07 2025
    Oracle quietly confirms public cloud data breach, customer data stolen

    Date:
    Tue, 08 Apr 2025 11:00:00 +0000

    Description:
    The company is apparently sending out breach notifications to affected customers

    FULL STORY ======================================================================The
    data breach that Oracle first denied has now been confirmed The company is reaching out to affected customers Oracle is facing an alleged lawsuit

    Oracle has started notifying customers about the recent data breach at its cloud services.

    In early April, a threat actor with the alias rose87168 opened a new thread
    on an underground forum to advertise the sale of a database stolen from the company. The database allegedly contained six million records, including private security keys, encrypted credentials, and LDAP entries, all belonging to Oracle customers.

    To confirm the authenticity of the information, the hacker even uploaded a
    new document to the cloud, containing their own email address.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Lawsuit incoming?

    At first, Oracle denied the claims, but later confirmed them. However, it
    also tried to downplay the importance of the hack, claiming the data was
    taken from an old, unused server, and that the information found there was eight years old and thus obsolete. However, there might be more to this
    story.

    According to The Register , the data belonging to one of the victims was created in 2024. Another victim (were not sure if its the same company, or a different one) is preparing to sue Oracle over the incident. The Register
    also notes that Oracle has reached out to at least two organizations so far.

    The investigation is currently ongoing and the details wont be known until
    its concluded. So far, it seems that the attacker exploited a vulnerability
    in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability
    is tracked as CVE-2021-35587 , and was assigned a critical severity score 9.8/10. It was patched in mid-January, 2022, raising questions over whether Oracle kept its own servers vulnerable to a flaw it fixed more than three years ago.

    Cybersecurity experts CrowdStrike are currently analyzing the incident. The FBI was also notified about the attack, Oracle has confirmed.

    Via The Register You might also like Oracle admits second major security breach, user login data stolen We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/oracle-quietly-confirms-public-cloud-da ta-breach-customer-data-stolen


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)