Oracle has informed customers about a new hack. Login credentials have been stolen. The FBI and CrowdStrike are investigating the incident in which the attacker attempted extortion.
According to Bloomberg sources, Oracle employees informed certain customers this week that a hacker had accessed a computer system. The attacker managed to obtain usernames, access keys and encrypted passwords.
Extortion
The sources state that the attacker demanded money. This intrusion is unrelated to a previous hack that was reported last month. Information about the stolen login details began to come out last month. An unidentified person attempted to sell data online that was claimed to have been stolen from Oracle’s cloud servers. After these claims, Oracle initially denied that its cloud service had been hacked.
Legacy environment
This week, Oracle employees admitted to some customers that an attacker gained access to what they call a “legacy environment”. According to Oracle, this system has not been used for eight years, meaning the stolen login credentials would pose little risk.
A third source, also familiar with the intrusion, reports that the stolen data included login credentials for Oracle customers from 2024. This information raises questions about the seriousness of the incident and the potential consequences for customers.
Researchers at cybersecurity company Trustwave have validated the data offered for sale online as coming directly from Oracle. Karl Sigler, senior security research manager at Trustwave SpiderLabs Threat Intelligence, described the stolen data as a “rich dataset” that hackers could use for phishing attacks and possibly for account takeovers.