Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen
- Reference: 0176916319
- News link: https://developers.slashdot.org/story/25/04/03/198224/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen
- Source link:
> Oracle has told customers that a hacker broke into a computer system and [1]stole old client log-in credentials , according to two people familiar with the matter. It's the second cybersecurity breach that the software company has acknowledged to clients in the last month.
>
> Oracle staff informed some clients this week that the attacker gained access to usernames, passkeys and encrypted passwords, according to the people, who spoke on condition that they not be identified because they're not authorized to discuss the matter. Oracle also told them that the FBI and cybersecurity firm CrowdStrike are investigating the incident, according to the people, who added that the attacker sought an extortion payment from the company. Oracle told customers that the intrusion is separate from another hack that the company flagged to some health-care customers last month, the people said.
[1] https://finance.yahoo.com/news/oracle-tells-clients-second-recent-213011742.html
Sounds great /s (Score:2)
> Second Recent Hack, Log-In Data Stolen
What's that Scotty, "Fool me twice, shame on me?" :-)
Can't wait for Oracle to buy and (re)host TikTok (again) ... [1]TikTok Ban Deadline Nears. Trump To Hear Plans With Oracle Seen As Front-Runner. [investors.com]
> "There are a host of bidders for the TikTok golden asset, but we continue to strongly believe any deal is structured and centered around Oracle and (Oracle Chairman Larry) Ellison," Ives wrote. Oracle hasn't formally expressed interest in TikTok. But the tech giant has been linked to TikTok in several reports.
> Oracle has a previous agreement with TikTok to [2]host U.S. TikTok user data [investors.com] on servers in the U.S., which was called Project Texas.
> The potential new deal has been dubbed [3]"Project Texas 2.0" [investors.com], Politico reported in March. Oracle would oversee data for American users and ensure the Chinese government does not have access[*], according to the Politico report.
[* Except their login-in data. :-) ]
[1] https://www.investors.com/news/technology/tiktok-ban-oracle-stock-trump-tariffs-april-5-deadline/
[2] https://www.investors.com/news/technology/oracle-tiktok-ban-cloud-business-oci/
[3] https://www.investors.com/news/technology/oracle-stock-tiktok-bank-trump-larry-ellison/
Always, only a matter of time. (Score:1)
All databases will get hacked.
Its only a matter of time.
There isnt a single dataset that's remained private on the public internet.
Its just ridiculous to think that it wouldn't happen to Oracle.
With a footprint as large as "The One" database (that nobody can really own) was always doomed.
With the push to make everything an Oracle database how could Oracle not see this coming?
Its been on my mind for over ten years.
Re: (Score:3)
This is like saying "all planes will crash eventually (assuming they are operated for an infinite amount of time)". There is a difference between that and criminal negligence. Oracle didn't update Oracle Access Manager in their Oracle Cloud Classic product, leaving a known vulnerability from 2021 unpatched, which was then exploited by a third-party. Imagine taking 4 years to update your own software running on your own service.
tiktok (Score:2)
If ByteDance sells Tiktok it will definitely be to a company they can hack. Oracle looks perfect but no way Tiktok would remain free for users.
They went and did it... (Score:2)
They just *had* to let little Bobby Tables sign up with them.
Re: (Score:2)
This was an unpatched vulnerability in Oracle Access Manager from 2021, not a little Bobby Tables SQL injection exploit. Yes, Oracle took 4 years to update their own Oracle Access Manager software running on their own Oracle Cloud Classic service (and I doubt they would've patched it if not for the breach).
Cheaper than possible engineering (Score:2)
It is high time to stop seeing these assholes as victims. They are perpetrators because they did not secure this data adequately. They did so because of greed and likely incompetence. Both are inexusable. They should be punished. If this repeats, they should eventually be forbidden from storing such data completely.
The competence of private industry (Score:2)
It always amuses me when people talk about how bad government is when stuff like this happens every other day in private industry.
And what will be the effect? Nothing. People will shrug and move on. Had this been government people would be up in arms.
can't be THAT old... (Score:2)
It can't be 'THAT' old because Oracle has only been offering Passkey authentication since August of 2023. So it has to be newer than that.
QUICK GIVE THEM TWITTER (Score:2)
They got hacked? TWICE? Didn't disclose? If only there were regulations about this and a government entity not fired by DOGGIE BOYZ to enforce.
QUICK, Someone, Anyone, give them Twitter (formerly X).
Can't wait to see the stock market tank (again) because of Orange-Soda-Boy, GambleGate, and DOGGIE.
E
P.S. "Gate" comes from the hotel name in the Watergate scandal. You don't just get to add "gate" to something and make it a thing.
idiotgates.
Re: QUICK GIVE THEM TWITTER (Score:2)
If your 401k is evaporating after you're already retired then you're doing it wrong.