Despite Oracle’s denial of a breach affecting its Oracle Cloud federated SSO login servers, Bleeping Computer has confirmed with multiple companies that data samples shared by the threat actor are authentic.
Recently, a threat actor, “rose87168,” claimed to be selling six million records, including sensitive account data, on dark web forums.
CloudSEK’s investigation suggests the breach may have exploited a known security flaw, possibly allowing unauthorized access and data exfiltration. The vulnerable Oracle Cloud subdomain has subsequently been removed.
Oracle dismissed the claims, although cybersecurity firm CloudSEK and independent researchers found evidence supporting the breach.
As further proof, the threat actor uploaded a file to an Oracle login server, raising more questions about Oracle’s denial.
A Tenuous Denial
Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, says “Oracle’s outright denial of a breach appears increasingly tenuous given that affected customers have now verified their stolen data as genuine.”
He says that while Oracle’s security incident policy states the company will notify all concerned parties ‘promptly’ in the event of a breach, it also states that ‘information about malicious attempts or suspected incidents and incident history are not shared externally’, which raises the question of whether Oracle is classifying this as a ‘suspected incident’ instead of a confirmed breach.
Irrespective of Oracle’s position, there’s no doubt customer data has been exposed, he adds. “Organizations connected to Oracle should take proactive security measures such as reviewing access controls, enforcing MFA, resetting credentials where necessary, and monitoring for any suspicious activity. Waiting for official confirmation may not be a risk worth taking.”
Pilton has also put together a guide to the breach with everything you need to know so far, including screenshots of forum and customer messages, which you can find here.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


