HQ/EMEAFind out how we can help your business
Oracle has finally confirmed in email notifications distributed to its customers that a hacker stole its stored credentials. However, the company only claimed that the hacked and leaked servers were obsolete.
The firm reassured the notification recipients that its servers remained uncompromised and that this incident did not affect customer data or cloud services.
The notification letters clarified that Oracle’s cloud servers, Oracle Cloud Infrastructure (OCI), have not suffered a security breach. In addition, no OCI customer environment has been penetrated.
The letters also noted no disruption to OCI services, as detailed in emails sent from replies@oracle-mail.com. Still, customers are encouraged to contact Oracle Support or their account manager for any further inquiries or concerns.
Oracle explained that the attacker who claimed the breach had only hacked two of its outdated servers.
Oracle confirmed in its notification letters that a hacker gained access to and released usernames from two of its outdated servers. However, these ‘obsolete’ servers were never associated with OCI.
No usable passwords were revealed, as these passwords were either encrypted or hashed. Hence, encryption would also prevent hackers from accessing any customer infrastructure or data.
Since the incident came to light in March, when the alleged rose87168 threat actor attempted to sell 6 million data records on BreachForums, the firm has consistently denied claims of a breach involving Oracle Cloud in its several statements.
While the firm informs customers that the breach affected an older platform, Oracle Cloud Classic, researchers believe that the hack claims result from deliberate confusion. This company has rebranded its previous cloud services as Oracle Classic, the platform that suffered the security incident.
Concerned parties are asking whether this new statement confirms that these alerts are legitimate and not from a threat actor or third party, but the company has yet to respond to these inquiries.
