Oracle denies data breach that reportedly exposed 6M company records
What's the story
In a major cyberattack, sensitive data from Oracle Cloud has been compromised. The platform is used by businesses around the globe to manage their systems online.
A Bengaluru-based cybersecurity firm, CloudSEK, found that a hacker going by the name "rose87168" is selling six million records stolen from Oracle's systems.
The breached data contains critical files, passwords for secure access to company systems.
Oracle, on the other hand, has refuted claims of a breach in its cloud infrastructure.
Information
Oracle's statement in response to breach
"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," Oracle stated in response to the reports, according to CloudSEK.
Ransom demand
Hacker demanded ransom from affected companies
Reportedly, the hacker has demanded ransom from over 140,000 affected companies to delete their stolen data.
They have also sought help from others to decrypt the encrypted passwords, offering rewards in return.
CloudSEK believes the hacker exploited a vulnerability in Oracle Cloud's login system, probably related to the Oracle WebLogic Server software used for these login pages.
Security threat
Sensitive data at risk
The stolen data includes JKS files, encrypted SSO passwords, key files, and Enterprise Manager JPS keys.
The breach poses a significant threat as the leaked information could enable hackers to infiltrate company systems and steal more data.
Scrambled passwords are also at risk of being decrypted by hackers who could then log into other systems causing further damage.
Preventive measures
Companies advised to take immediate action
In light of the breach, companies are advised to change passwords immediately and ensure strong passwords are used. Enabling multi-factor authentication (MFA) for extra security is also recommended.
Firms should investigate the breach by checking systems for any signs of unauthorized access and fixing any weaknesses.
Monitoring hacker forums can help track if their information is being discussed or sold.
Cybersecurity focus
Importance of strong cybersecurity measures
The Oracle Cloud data breach highlights the need for strong cybersecurity measures. Companies leveraging Oracle Cloud need to act quickly to protect their systems and data.
Active investigations are also important, as patching any loopholes is essential to avoid further attacks.
This incident serves as a reminder of how important it is to remain vigilant in today's digital world where cyber threats are growing more sophisticated.