Technology

68306 readers

4344 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

[email protected]

115

Oracle hid serious data breach from customers, now hacker has it up for sale (www.techspot.com)

submitted 4 days ago* (last edited 4 days ago) by [email protected] to c/[email protected]

24 comments fedilink hide all child comments

https://archive.ph/zFw3e

Earlier this month, a threat actor going by Rose87168 claimed to have breached Oracle Cloud's federated SSO servers and exfiltrated around 6 million records, affecting over 144,000 Oracle clients. The hacker provided an internal customer list and threatened to sell the data unless clients paid to remove their data from the trove, which included single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, tenant data, and more. Rose87168 has also solicited help from the hacking community to crack the hashed password in trade for some of the data.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 3 days ago (2 children)

Ok, who of you guys is working with Oracle Cloud and has not yet rerolled all API/Access Keys, passwords and so on? And what company do you happen work for? ^Just asking for a friend^

[–] [email protected] 1 points 2 days ago (1 children)

I wonder how many of those companies - that are stuck with Oracle due to legacy software - have just too many keys to reroll that they just won't do it. Mainly due to everything being a manual process.

[–] [email protected] 2 points 2 days ago

At least we're constantly told to be ready to act to reroll secrets, etc and try to automate the change/deployment of changed passwords and such.

Depending on the system you're working with, this may still be a PITA, but at least we do have plans for even the "problematic" systems and we have probably done this a few times. Although maybe not at this scale, tbh.

So, imagining I were tasked to do that for $hyperscaler in "my" systems... I feel some dread, as even if everything is automated ä, there's always something that doesn't go as planned - but at least I know what can be done in which way and which timeframe is realistic (and which parts will be the most sensitive). If you do not have plans, well... Good luck. You'll need it.

[–] [email protected] 1 points 3 days ago

Omg we have the same friend! Also no 😬