A dispute has arisen between Oracle and cybersecurity researchers over a reported security breach involving six million records linked to Oracle's Cloud SSO service. A threat actor named 'rose87168' claimed to have hacked Oracle, publishing data potentially including encrypted passwords and other sensitive information, with demands for payment from affected companies. CloudSEK indicated the breach resulted from a server vulnerability, while Oracle refuted these claims, asserting no customer data was compromised. This ongoing conflict underscores concerns about cloud security and potential vulnerabilities in critical authentication infrastructures.
The threat actor has demonstrated sophisticated capabilities by targeting a critical authentication infrastructure, suggesting an organized and persistent threat operation.
Oracle strongly denied the claims by both the threat actor and CloudSEK, insisting no customers have been impacted.
The SSO passwords are encrypted, they can be decrypted with the available files, also LDAP hashed passwords can be cracked.
Researchers at CloudSEK suggested the root cause of the breach appears to have been a failure to patch a server affected by a critical vulnerability.
Collection
[
|
...
]