The compromise led to the theft of ‘old’ log-in credentials and included a demand by the attacker for an extortion payment, according to a Bloomberg report.
Oracle privately disclosed to customers that a threat actor has been discovered to have compromised a “legacy” environment, in a breach that has included the theft of certain log-in credentials, according to a report.
According to the Bloomberg report, which cited individuals familiar with the matter, the impacted environment has not been used in eight years and the affected credentials are “old.”
[Related: 10 Major Ransomware Attacks And Data Breaches In 2024]
The attack did include a demand by the attacker for an extortion payment, according to Bloomberg.
CRN has reached out to Oracle for comment.
Bloomberg’s report did not provide further specifics about the impacted environment.
In late March, BleepingComputer reported about a threat actor who claimed to have stolen data from Oracle Cloud servers. Oracle repeatedly denied that a cloud incident had occurred in statements to media outlets.
“There has been no breach of Oracle Cloud (OCI). The published credentials are not for OCI. No OCI customers experienced a breach or lost any data,” an Oracle spokesperson said in a statement provided to CRN on March 27.
The report from Bloomberg indicated that an unspecified number of customers were notified this week by Oracle about the breach.
The compromise reportedly affected credential data including usernames and passkeys as well as encrypted passwords.
Additionally, Bloomberg reported that a person familiar with the incident contradicted Oracle’s statement that the stolen data was from older systems — saying that Oracle log-in credentials from as recently as last year were among those affected.
