Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
Oracle Security

Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen 15

Posted by msmash from the privacy-woes dept.
An anonymous reader shares a report: Oracle has told customers that a hacker broke into a computer system and stole old client log-in credentials, according to two people familiar with the matter. It's the second cybersecurity breach that the software company has acknowledged to clients in the last month.

Oracle staff informed some clients this week that the attacker gained access to usernames, passkeys and encrypted passwords, according to the people, who spoke on condition that they not be identified because they're not authorized to discuss the matter. Oracle also told them that the FBI and cybersecurity firm CrowdStrike are investigating the incident, according to the people, who added that the attacker sought an extortion payment from the company. Oracle told customers that the intrusion is separate from another hack that the company flagged to some health-care customers last month, the people said.

Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen More | Reply

Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen

Comments Filter:

  • They got hacked? TWICE? Didn't disclose? If only there were regulations about this and a government entity not fired by DOGGIE BOYZ to enforce.

    QUICK, Someone, Anyone, give them Twitter (formerly X).

    Can't wait to see the stock market tank (again) because of Orange-Soda-Boy, GambleGate, and DOGGIE.

    E
    P.S. "Gate" comes from the hotel name in the Watergate scandal. You don't just get to add "gate" to something and make it a thing.
    idiotgates.

  • Second Recent Hack, Log-In Data Stolen

    What's that Scotty, "Fool me twice, shame on me?" :-)

    Can't wait for Oracle to buy and (re)host TikTok (again) ... TikTok Ban Deadline Nears. Trump To Hear Plans With Oracle Seen As Front-Runner. [investors.com]

    "There are a host of bidders for the TikTok golden asset, but we continue to strongly believe any deal is structured and centered around Oracle and (Oracle Chairman Larry) Ellison," Ives wrote. Oracle hasn't formally expressed interest in TikTok. But the tech giant has been linked to TikTok in several reports.

    Oracle has a previous agreement with TikTok to host U.S. TikTok user data [investors.com] on servers in the U.S., which was called Project Texas.

    The potential new deal has been dubbed "Project Texas 2.0" [investors.com], Politico reported in March. Oracle would oversee data for American users and ensure the Chinese government does not have access[*], according to the Politico report.

    [* Except their login-in data. :-) ]

  • All databases will get hacked.
    Its only a matter of time.
    There isnt a single dataset that's remained private on the public internet.
    Its just ridiculous to think that it wouldn't happen to Oracle.
    With a footprint as large as "The One" database (that nobody can really own) was always doomed.
    With the push to make everything an Oracle database how could Oracle not see this coming?
    Its been on my mind for over ten years.

    • Re:Always, only a matter of time. (Score:4, Insightful)

      by kurkosdr ( 2378710 ) on Thursday April 03, 2025 @04:46PM (#65279457)
      This is like saying "all planes will crash eventually (assuming they are operated for an infinite amount of time)". There is a difference between that and criminal negligence. Oracle didn't update Oracle Access Manager in their Oracle Cloud Classic product, leaving a known vulnerability from 2021 unpatched, which was then exploited by a third-party. Imagine taking 4 years to update your own software running on your own service.

      • Re: (Score:1)

        by erexx23 ( 935832 )

        Airplanes are not databases and you've proved my point.
        If airplanes were databases they would be falling out of the sky.

        • My point is, there is a difference between saying that "everything will fail or get hacked given an infinite amount of time" and criminal negligence.

  • If ByteDance sells Tiktok it will definitely be to a company they can hack. Oracle looks perfect but no way Tiktok would remain free for users.

  • They went and did it... (Score:3)

    by Junta ( 36770 ) on Thursday April 03, 2025 @04:20PM (#65279371)

    They just *had* to let little Bobby Tables sign up with them.

    • This was an unpatched vulnerability in Oracle Access Manager from 2021, not a little Bobby Tables SQL injection exploit. Yes, Oracle took 4 years to update their own Oracle Access Manager software running on their own Oracle Cloud Classic service (and I doubt they would've patched it if not for the breach).

  • It is high time to stop seeing these assholes as victims. They are perpetrators because they did not secure this data adequately. They did so because of greed and likely incompetence. Both are inexusable. They should be punished. If this repeats, they should eventually be forbidden from storing such data completely.

  • The competence of private industry (Score:4, Insightful)

    by smooth wombat ( 796938 ) on Thursday April 03, 2025 @04:50PM (#65279469) Journal

    It always amuses me when people talk about how bad government is when stuff like this happens every other day in private industry.

    And what will be the effect? Nothing. People will shrug and move on. Had this been government people would be up in arms.

  • can't be THAT old... (Score:3)

    by aldousd666 ( 640240 ) on Thursday April 03, 2025 @05:12PM (#65279527) Journal
    It can't be 'THAT' old because Oracle has only been offering Passkey authentication since August of 2023. So it has to be newer than that.

Slashdot Top Deals

I had the rare misfortune of being one of the first people to try and implement a PL/1 compiler. -- T. Cheatham

Close