Summary: Oracle has informed select clients about a security breach where attackers accessed legacy environments, exposing outdated user credentials. Data from the breach, including usernames and hashed passwords, has been shared publicly, raising concerns due to the potential for misuse. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning around the risks of compromised credentials in this incident.
Affected: Oracle Corporation
Keypoints :
- Attackers breached an Oracle legacy environment, compromising user data from as recent as 2024.
- 6 million user records, including LDAP data, were posted on a hacking forum by an individual known as rose87168.
- CISA highlights the risks posed by reused credentials and urges organizations to audit scripts and enforce stronger password management practices.
- Recommendations include resetting affected passwords and implementing phishing-resistant multi-factor authentication (MFA).
Source: https://securityonline.info/cisa-warns-of-credential-risks-tied-to-oracle-cloud-breach/