Summary: Oracle has confirmed a data breach involving legacy client credentials after attackers exploited vulnerabilities in 2017 systems, affecting user emails and hashed passwords. Despite Oracleβs claims that the breach did not impact Oracle Cloud, evidence suggests otherwise. Additionally, Oracle Health has also experienced a security incident that compromised patient data from U.S. hospitals, with ongoing extortion threats from malicious actors.
Affected: Oracle, Oracle Health
Keypoints :
- Oracle acknowledged a breach involving old client credentials stolen from a legacy environment.
- Data from Oracle Identity Manager, including emails and hashed passwords, was exfiltrated during the attack.
- Oracle Health is under attack, with patient data stolen and hospitals being extorted for ransom.
Source: https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/