Security Firm Challenges Oracle’s Denial with Evidence
In a shocking turn of events, the Oracle Cloud data breach incident has taken a new turn. The Cybersecurity firm CloudSEK has unveiled evidence confirming the exposure of sensitive enterprise data via Oracle Cloud production Single Sign-On (SSO) endpoints. This contradicts Oracle’s denial of any breach, especially as a threat actor claims to be selling 6 million allegedly stolen records.
For those who may not be aware, the Oracle Cloud data breach incident initially surfaced in late November 2022. Oracle, a leading provider of enterprise software solutions, denied any breach, stating that its systems had not been compromised. However, CloudSEK, a prominent cybersecurity firm, has now come forward with evidence that suggests otherwise.
According to CloudSEK, the breach occurred via an Oracle Cloud production SSO endpoint, which is used by thousands of organizations worldwide. The firm claims that the endpoint was left exposed, allowing an attacker to gain unauthorized access to sensitive enterprise data. This data allegedly includes sensitive information such as login credentials, security tokens, and other confidential data.
The evidence presented by CloudSEK includes screenshots, network logs, and other technical data that suggests the breach occurred. The firm also claims that the attack was carried out using a common vulnerability in the Oracle Cloud SSO endpoint, which was previously unknown to the public.
Furthermore, a threat actor has come forward claiming to be selling 6 million allegedly stolen records on the dark web. The records are said to include sensitive information such as login credentials, credit card numbers, and other confidential data. This further adds to the evidence presented by CloudSEK, suggesting that the breach may be more extensive than initially thought.
Oracle, on the other hand, has maintained its stance that no breach occurred. In a statement, the company said, “We have thoroughly investigated the allegations and found no evidence of a breach. Our systems are secure and we continue to monitor them closely for any potential threats.”
However, CloudSEK’s evidence and the threat actor’s claims have raised serious questions about Oracle’s denial. The firm has asked Oracle to provide more information about the breach and to take immediate action to secure the affected SSO endpoint.
The Oracle Cloud data breach incident highlights the importance of cybersecurity in today’s digital age. With the increasing number of cyberattacks and data breaches, it is crucial for organizations to prioritize security and protect sensitive data.
In conclusion, the Oracle Cloud data breach incident has taken a new turn with CloudSEK challenging Oracle’s denial with evidence. The firm has presented compelling evidence that suggests a breach occurred, and the threat actor’s claims further add to the evidence. Oracle, on the other hand, has maintained its stance that no breach occurred. It remains to be seen how this situation will unfold, but one thing is clear – cybersecurity is more important than ever.
Source: https://geekflare.com/news/oracle-cloud-breach-security-firm-challenges-denial-with-evidence/
