Oracle’s Data Breach Denial Unravels as Leaked Info Checks Out
informationsecuritybuzz.com
Despite Oracle’s denial of a breach affecting its Oracle Cloud federated SSO login servers, Bleeping Computer has confirmed with multiple companies that data samples shared by the threat actor are authentic.
Recently, a threat actor, “rose87168,” claimed to be selling six million records, including sensitive account data, on dark web forums.
CloudSEK’s investigation suggests the breach may have exploited a known security flaw, possibly allowing unauthorized access and data exfiltration. The vulnerable Oracle Cloud subdomain, which has subsequently been removed.
Oracle dismissed the claims, although cybersecurity firm CloudSEK and independent researchers found evidence supporting the breach.
As further proof, the threat actor uploaded a file to an Oracle login server, raising more questions about Oracle’s denial.
A Tenuous Denial
Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, says “Oracle’s outright denial of a breach appears increasingly tenuous given that affected customers have now verified ...
Copyright of this story solely belongs to informationsecuritybuzz.com . To see the full text click HERE