Security researchers at CloudSEK recently discovered that sensitive data from over 140,000 Oracle customers is being sold on the Darknet. These data are believed to have originated from a cyberattack on the Oracle Cloud.
According to the researchers, the attacker may have gained access through a long-known security vulnerability in the Oracle Access Manager (CVE-2021-35587). It is reported that the attacker copied data such as encrypted SSO passwords. The CloudSEK post also indicates that the attacker is now calling for the cracking of passwords and offering a reward for doing so.
In addition, the attacker has posted a list of affected companies on the social media platform X. These companies can contact the attacker so that he can remove their data for a fee.
Despite these findings, Oracle has denied any data breach or security incident. In a statement, the company emphasized its commitment to the security and privacy of its customers’ data and stated that it continuously monitors and updates its systems to protect against cyber threats.
The discovery of this data breach has raised concerns among Oracle customers and cybersecurity experts. With sensitive information at risk, many are calling for increased vigilance and enhanced security measures to prevent similar incidents in the future.
Experts warn that data breaches like this can have serious consequences, including financial loss, reputational damage, and regulatory repercussions. Customers are advised to monitor their accounts closely, change their passwords regularly, and be wary of any suspicious activity.
In response to the data breach, Oracle has recommended that customers review their security settings, update their passwords, and implement multi-factor authentication to enhance their security posture. The company has also pledged to work with law enforcement agencies to investigate the incident and take appropriate action against the perpetrators.
As the investigation into the data breach continues, cybersecurity experts are urging organizations to prioritize cybersecurity and invest in robust security measures to protect their data and mitigate the risk of cyberattacks. With cyber threats becoming increasingly sophisticated, proactive security measures are essential to safeguard sensitive information and maintain trust with customers.