TZUTC: -0500   
   MSGID: 969.consprcy@1:2320/105 2c5fbce6   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Oracle says "obsolete servers" hacked, denies cloud breach   
      
   Date:   
   Fri, 11 Apr 2025 15:00:00 +0000   
      
   Description:   
   A recent hack keeps making headlines as hackers sell the data and Oracle   
   downplays their importance.   
      
   FULL STORY   
      
   We now have confirmation that Oracle started notifying its customers about a   
   recent data breach. Apparently, the company stood its ground that it was an   
   irrelevant attack that will make no difference whatsoever.    
      
   In early April 2025, a threat actor with the alias rose87168 opened a new   
   thread on an underground forum to advertise the sale of a database stolen    
   from the company. The database allegedly contained six million records,   
   including private security keys, encrypted credentials, and LDAP entries, all   
   belonging to Oracle customers.    
      
   To confirm the authenticity of the information, the hacker even uploaded a    
   new document to the cloud, containing their own email address.    
      
   Oracle denies severity    
      
   Oracle first denied, and later confirmed the breach, but said it was a   
   pointless attack since the servers were old and unused, and the data    
   contained within was outdated.    
      
   Now, BleepingComputer reports that email notification letters started going   
   out: "Oracle would like to state unequivocally that the Oracle Cloud also   
   known as Oracle Cloud Infrastructure or OCIhas NOT experienced a security   
   breach," the letter allegedly reads.    
      
   "No OCI customer environment has been penetrated. No OCI customer data has   
   been viewed or stolen. No OCI service has been interrupted or compromised in   
   any way," it added in emails sent from replies@oracle-mail.com, prompting   
   customers to contact Oracle Support or their account manager if they have   
   additional questions.    
      
   "A hacker did access and publish user names from two obsolete servers that   
   were never a part of OCI. The hacker did not expose usable passwords because   
   the passwords on those two servers were either encrypted and/or hashed.   
   Therefore the hacker was not able to access any customer environments or   
   customer data."    
      
   A report from The Register claims the data belonging to one of the victims    
   was created in 2024. The investigation is currently ongoing but so far it   
   seems that the attacker exploited a vulnerability in Oracle Access Manager to   
   breach Oracle-hosted servers.    
      
   Cybersecurity experts CrowdStrike are currently analyzing the incident. The   
   FBI was also notified about the attack, Oracle has confirmed.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/oracle-says-obsolete-servers-hacked-den   
   ies-cloud-breach   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426