Oracle Tried to Coverup This Data Breach

Mental Outlaw

4 Apr 202510:57

Summary

TLDROracle suffered a major security breach in March 2025, exposing the credentials of over 6 million customers. Initially denying the incident, Oracle later admitted to a breach but downplayed its significance, claiming it involved legacy systems. However, investigations revealed outdated software and exploitable vulnerabilities, exacerbating the incident's severity. The breach raised concerns about supply chain security, especially in industries reliant on Oracle's services. Oracle's poor response and lack of transparency, alongside their restrictive business practices, have led to a class-action lawsuit. The incident highlights the critical need for regular server maintenance and security updates.

Takeaways

😀 Oracle experienced a major security breach in March 2025, compromising the credentials of over 6 million customers, with potential long-term impacts on industries like retail, healthcare, and transportation.
😀 The breach involved Oracle's 'cloud classic' infrastructure, which the company initially tried to downplay as legacy data, despite still offering it as a current product.
😀 Hackers gained access to sensitive data, including emails, GUID strings, and JKS files, which could lead to phishing attacks and further security risks for affected companies.
😀 Oracle's response to the breach was criticized for initially denying it and later minimizing the impact, undermining trust among its customers.
😀 The breach is potentially a supply chain attack, as many companies rely on Oracle's database services but may not be aware of its security vulnerabilities.
😀 Oracle's attempts to cover up the breach involved pressuring external sites like Archive.org to remove evidence of the hack, showcasing a lack of transparency.
😀 A hacker named Rose exposed Oracle's weak security by uploading proof of access and publishing a conversation with Oracle's customer support, highlighting how easily the breach could have been prevented.
😀 The compromised system was running outdated software, such as Oracle Fusion Middleware 11g, which hadn’t been updated in over a decade, making it an easy target for attackers.
😀 Oracle's failure to maintain its systems and address vulnerabilities led to the breach, revealing a problem with 'system sprawl' and lack of proper oversight on older infrastructure.
😀 A class action lawsuit has been filed against Oracle, emphasizing the company's responsibility to handle security incidents properly, and offering affected customers a potential financial settlement.

Q & A

What happened during the Oracle security breach in March?
-In March, Oracle's cloud infrastructure was hacked, exposing the credentials of over 6 million customers. The breach primarily affected Oracle's 'cloud classic' infrastructure, which is still being sold to businesses despite being outdated.
How did Oracle initially respond to the breach?
-Oracle initially denied the breach and attempted to downplay the incident. They later claimed that it only involved 'legacy systems' with outdated data, although evidence suggested otherwise.
Why is Oracle's denial of the breach significant?
-Oracle's denial was significant because it contradicted independent proof provided by hackers, which revealed they had access to Oracle's servers. The company's refusal to acknowledge the breach only worsened its credibility.
What does Oracle's cloud classic service refer to?
-Oracle's 'cloud classic' service refers to an older version of its cloud infrastructure that businesses can still purchase. Despite being outdated, Oracle continues to sell and support this service.
What types of data were exposed during the Oracle breach?
-The breach exposed customer credentials, including emails, GUID strings (unique identifiers), JKS files, and other sensitive authentication data. This could lead to phishing attacks and further compromises.
What is the potential long-term impact of this breach?
-The breach could lead to widespread supply chain compromises, affecting industries that rely on Oracle’s database services, such as retail, healthcare, airlines, and shipping. The breach may have lasting effects for years.
How did the hacker Rose help verify the breach?
-Hacker Rose uploaded a text file containing their email address to an Oracle server, which provided proof of access. They also shared a live chat with Oracle's customer support, where they used stolen credentials to log into a customer account.
What is the significance of Oracle's outdated systems in the breach?
-Oracle's outdated systems, which hadn’t been updated in years, made it easy for hackers to exploit known vulnerabilities. This neglect led to the successful attack, showing the risks of using old, unsupported software.
What vulnerability was exploited in the Oracle breach?
-The breach exploited CVE-2021-35587, a critical vulnerability in Oracle Access Manager, which allowed unauthenticated attackers to compromise the system remotely via HTTP.
How has Oracle's reputation been affected by this breach?
-Oracle's reputation has been severely damaged by the breach, especially given its attempts to cover it up. The company is already known for aggressive business practices, and this incident only reinforced its negative image.
What legal action has been taken against Oracle in response to the breach?
-A class action lawsuit has been filed against Oracle in Texas, likely due to their handling of the breach and their failure to adequately protect customer data. The outcome of this lawsuit could lead to significant financial consequences for Oracle.