Summary: The video discusses a potential data breach involving Oracle Cloud, initially reported on a breach forum, where a user claimed to have accessed credentials for 6 million accounts. While Oracle initially denied a breach, they later acknowledged unauthorized access to two outdated servers, insisting that their core Oracle Cloud Infrastructure remained secure.
Keypoints:
- In early April, a potential data breach of Oracle Cloud was reported, citing credentials for 6 million users.
- The breach information was originally published on March 20th by a user named rose87168 on a security forum.
- Oracle quickly denied being breached, stating only Oracle Cloud Classic was affected.
- After two weeks, Oracle reached out to two large users regarding the breach, which gained attention on social media.
- Oracle claimed that the Oracle Cloud Infrastructure (OCI) was not breached, only that there was unauthorized access to old servers.
- The hacker published usernames from two obsolete servers but did not access usable passwords, as they were encrypted or hashed.
- Oracle emphasized that no customer environments or data were compromised during this incident.
- No official 8K filing to the SEC concerning the breach had been found at the time of the video.
Youtube Video: https://www.youtube.com/watch?v=B4K9XK7QNUo
Youtube Channel: Hak5
Video Published: Sat, 19 Apr 2025 16:00:22 +0000