Supposed OCI data breach [message #690332] Wed, 26 March 2025 11:51
John Watson
Messages: 8979
Registered: January 2010
Location: Global Village
Senior Member
There has been a lot of noise about Oracle OCI being hacked; it all starts with this:

https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants

Uncle Oracle denies it,

https://www.theregister.com/2025/03/23/oracle_cloud_customers_keys_credentials/

To me, it seems unlikely that the story is correct. It is predicated on the "fact" that an internet-facing OCI service was running on WebLogic 11. Out of support for years. I would be astonished if that could even run current versions of related products.

However, I am having to deal with requests from customers to change all passwords and keys pronto and of course I have to do this. Any thoughts? Could the story be true, or could it be some idiot trying to get clicks by publishing rubbish?


Re: Supposed OCI data breach [message #690334 is a reply to message #690332] Thu, 03 April 2025 13:53
Frank Naude
Messages: 4596
Registered: April 1998
Senior Member
We were asked to change our passwords. However, it is unlikely to be true. Even if you give someone your OCI password, they would not be able to log in without you authorizing the connection through 2FA.
Re: Supposed OCI data breach [message #690352 is a reply to message #690332] Thu, 15 May 2025 04:28
John Watson
Messages: 8979
Registered: January 2010
Location: Global Village
Senior Member
Just to wrap this up, it does indeed seem to be a fuss about nothing. It's hard to track down what actually happened, but it seems to be to do with a company Uncle Oracle bought a couple of years ago: Cerner Corporation, a US healthcare IT company. Cerner has since been re-badged as Oracle Health. The villains got into one or two legacy Cerner servers that hadn't yet been migrated to OCI, using stolen credentials. So OCI certainly wasn't hacked. I guess one can blame Oracle for not adequately securing its newly acquired systems, but that's all.