


Oracle Customers Confirm Data Stolen In Alleged Cloud Breach Is Valid (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named 'rose87168' claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.
The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company. In addition to the data, rose87168 shared an Archive.org URL with BleepingComputer for a text file hosted on the "login.us2.oraclecloud.com" server that contained their email address. This file indicates that the threat actor could create files on Oracle's server, indicating an actual breach. However, Oracle has denied that it suffered a breach of Oracle Cloud and has refused to respond to any further questions about the incident.
"There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer last Friday. This denial, however, contradicts findings from BleepingComputer, which received additional samples of the leaked data from the threat actor and contacted the associated companies. Representatives from these companies, all of whom agreed to confirm the data under the promise of anonymity, confirmed the authenticity of the information. The companies stated that the associated LDAP display names, email addresses, given names, and other identifying information were all correct and belonged to them. The threat actor also shared emails with BleepingComputer, claiming to be part of an exchange between them and Oracle.
What a perfect response... (Score:5, Insightful)
...The thing that you are experiencing, you are not experiencing...
...The thing that you can see with your own eyes, you can not see with your own eyes...
Reminds me of the current Trump administration.
Re: (Score:2)
Re: (Score:3)
That didn't happen.
And if it did, it wasn't that bad.
And if it was, that's not a big deal.
And if it is, that's not my fault.
And if it was, I didn't mean it.
And if I did, you deserved it.
We witnessed all the levels simultaneously a few days ago.
He learned it from Putin (Score:4)
...The thing that happened, did not happen... ...The thing that you are experiencing, you are not experiencing... ...The thing that you can see with your own eyes, you can not see with your own eyes...
Reminds me of the current Trump administration.
Putin really pioneered this in the modern era. My political opponents dying?...it's just bad luck. I didn't do anything. Those people invading Ukraine in 2014?...not our guys! The ceasefire I proposed? I'm not violating it when I attack Ukraine. That guy who made me look weak?...it's tragic his plane crashed that way.
You can debate Trump's connection to Putin, but there's no doubt, Trump has learned a lot by watching him...at the bare minimum...and has emulated Putin's strategies in both his presidencies.
Re: (Score:2)
Re: (Score:2)
In the late 90s as Putin was making his political ascent, he had a position in some kind of security/counter-terrorism bureau. There were a series of apartment bombings in Moscow, which killed many Russians. The official line is that it was Chechen rebels. However there is compelling evidence that it was orchestrated by the KGB as a false flag. The indisputable result is Putin's rapid political ascent and explosion in popularity.
There's been talk that the current US administration would like a similar catas
Wouldn't it be nice (Score:5, Insightful)
Wouldn't it be cool if Oracle could be held liable for spreading lies and misinformation for denying their breach? Yeah, it hurts their brand, but we need better rules in place to keep companies honest.
Re: (Score:2)
Re:Wouldn't it be nice (Score:4, Insightful)
There could be possible fines if they lost PII, PHI, or other protected information as defined by local, state and federal data protection laws. The kicker is if they even lost any protected information, it would be up to a government official if they want to pursue Oracle in court.
The biggest fine they could incur IMHO would be if they have cyber breach insurance, their rates are definitely going to increase.
Oracle claims to be SOC 2 in addition to a bunch of others. That said, this breach is direct proof they were not SOC 2 compliant, if the compromise happened by using CVE-2021-35587 found in Oracle Fusion Middleware 11g. Oracle was either not scanning everything on a regular basis or not patching / deploying mitigating controls as required by their own security policy.
Re: Wouldn't it be nice (Score:2, Funny)
Seems like the SEC could have something to say about it, if they are still operating
Re: (Score:1)
If there is any personal data in the breach regarding European nationals, Oracle's bacon is fried under GDPR legislation. Failing to promptly disclose triggers potential fines big enough to prompt a yacht sale.
Re: (Score:2)
The USA has given up on punishing lies, liars, perjurers, tax cheats, bribers, bribe recipients, and foreign agents.
companies need to realize they are not Trump (Score:2)
The ability to lie and get away with it is only reserved for the current administration.
Stay in your lane...
For companies, they need a different playbook. When something can be demonstrably proven, lying about it and then being proven to have lied is just stupid.
Re: (Score:3)
Politicians have been lying and getting away with it since forever. Big business leaders the same. It won't change either. People cheat, lie and steal.
Credit monitoring (Score:4, Funny)
Larry (Score:3)
Larry will barely raise one eyebrow while going back to stroke his bald cat.
And they want to buy TikTok? (Score:2)
...That's like hiring Jeffrey Dahmer to run a morgue.