Earlier this month, a threat actor going by Rose87168 claimed to have breached Oracle Cloud’s federated SSO servers and exfiltrated around 6 million records, affecting over 144,000 Oracle clients. The hacker provided an internal customer list and threatened to sell the data unless clients paid to remove their data from the trove, which included single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, tenant data, and more. Rose87168 has also solicited help from the hacking community to crack the hashed password in trade for some of the data.
Oracle is a public company. Public companies must file data breaches with the SEC or they can get into some hot water. They are not ran by smart people.
You mean the SEC in the US? You’re kidding right? Nobody cares about any of that anymore. Does the SEC even still exist? Worst case scenario, Oracle just gives some money to Cheeto and they’re done
Yes. It exists. Whether or not they are actively enforcing anything during the current administration is open to question. The fortune 10 company I work for takes the SEC seriously.
Glass house?
Never heard of ESL, or autocorrupt? Maybe put your rocks down, sweetheart.
Autocorrupt are politicians in South America and elsewhere.