Cybersecurity leaders discuss Oracle's second recent hack
Briefly

Oracle has confirmed a cyber breach where old login credentials were stolen, marking the second incident in one month. The organization initially denied any breach, creating concerns around transparency. The breach involved two outdated servers that stored usernames with encrypted and/or hashed passwords. While the attacker was unable to crack the credentials, the exposure of usernames poses a risk for social engineering and credential stuffing attacks. Security expert Casey Ellis highlights the need for clear communication from organizations when such incidents occur to maintain trust and reduce potential exploitation risks.
Oracle's initial denial of the breach has drawn criticism. Their eventual acknowledgment highlights the importance of timely, coordinated, and transparent communication.
Although the attacker admitted they couldn't crack the passwords, the exposure of usernames alone isn't harmless. Usernames can be weaponized in social engineering attacks.
Read at Securitymagazine