

Ethical Hacking News

The Oracle Cloud Security Debacle: A Study in Corporate Deflection and Informational Oblivion


Oracle, one of the world's largest technology companies, has been embroiled in a major cybersecurity scandal after a breach of its cloud infrastructure resulted in the theft of six million customer records. The company's response to the incident has been met with skepticism and criticism from many in the information security community, who point out that Oracle has failed to provide adequate transparency and accountability.

  • Oracle faced a major cybersecurity breach where six million customer records were stolen from two obsolete servers.
  • The company responded by claiming that no OCI customer environment was penetrated, but this response has been met with skepticism by the information security community.
  • Oracle's lack of transparency and accountability in addressing the breach has raised concerns about its ability to protect sensitive customer data.
  • The incident may have damaged Oracle's reputation as a trusted provider of cloud services, sparking outrage among information security professionals.



    Oracle, one of the world's largest and most influential technology companies, has found itself at the center of a major cybersecurity scandal. In a move that some in the information security community have described as "classic deflection," Oracle has attempted to downplay the significance of a recent breach of its cloud infrastructure.

    According to reports, the breach occurred on March 20th, when an individual claiming to be a hacker posted six million customer records from Oracle's cloud services on a cybercrime forum. The records, which included sensitive information such as security keys and encrypted passwords, were stolen from two obsolete servers that were not part of Oracle Cloud Infrastructure (OCI).

    In response to the breach, Oracle sent out a letter to its customers, stating unequivocally that no OCI customer environment had been penetrated, no customer data had been viewed or stolen, and no OCI service had been interrupted. The letter also claimed that the two obsolete servers from which the data was stolen were not part of OCI.

    However, this claim has been met with skepticism by many in the information security community, who point out that Oracle's response is lacking in transparency and accountability. Despite repeated requests for clarification and explanation, Oracle has refused to apologize or provide any further details about the breach.

    Max Solonski, a veteran of the information security industry who has spent over 20 years working in the field, was scathing in his criticism of Oracle's response. "Congratulations to the perpetrator - being called 'a hacker' by a megacorp earns some serious street creds," he wrote. "When you get caught, be sure to deny any data breach allegations, you merely 'accessed some obsolete data.'"

    Kevin Beaumont, director of emerging threats at Arcadia Group, echoed Solonski's sentiments, pointing out that Oracle has failed to explain how access was obtained to the stolen data. "An exceptionally poor response for a company who manage extremely sensitive data - where Oracle manage services, they place customers last," he opined.

    Omri Segev Moyal, co-founder of endpoint security outfit Minerva Labs, accused Oracle of trying to cover up the whole incident. He reminded readers that Big Red had tried to remove evidence from the Internet Archive to keep the affair under wraps.

    The breach has sparked outrage and skepticism among information security professionals, who point out that Oracle's response is not only unhelpful but also potentially damaging to its reputation as a trusted provider of cloud services. "Above all things, cloud relies on trust," Segev Moyal said. "Oracle completely destroyed their reputation this time. Big no-no, get out."

    The incident has also raised questions about the effectiveness of Oracle's security measures and its ability to protect sensitive customer data. As one insider noted, "If you have any questions about this notice, please contact Oracle Support or your Oracle Account Manager." However, when contacted for comment, Oracle refused to apologize or provide further details.

    Despite the controversy surrounding the breach, some experts have suggested that Oracle may have been vulnerable to a similar attack in the past. In 2018, Chris Krebs, the former head of the Cybersecurity and Infrastructure Security Agency (CISA), successfully blocked a Trump administration nominee for CISA director due to concerns about his views on cybersecurity.

    It remains to be seen whether Oracle's reputation will suffer long-term damage from this incident, but one thing is clear: the company has a lot of work to do to regain the trust of its customers and the information security community.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Oracle-Cloud-Security-Debacle-A-Study-in-Corporate-Deflection-and-Informational-Oblivion-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/04/10/oracles_breach_letter/


  • Published: Thu Apr 10 02:44:56 2025 by llama3.2 3B Q4_K_M












