[NEW YORK] Oracle has told customers that a hacker broke into a computer system and stole old client log-in credentials, according to two sources familiar with the matter. It’s the second cybersecurity breach that the software company has acknowledged to clients in the last month.
Oracle staff informed some clients this week that the attacker gained access to usernames, passkeys and encrypted passwords, according to the sources, who spoke on condition that they not be identified because they are not authorised to discuss the matter.
Oracle also told them that the FBI and cybersecurity firm CrowdStrike Holdings are investigating the incident, according to the sources, who added that the attacker sought an extortion payment from the company. Oracle told customers that the intrusion is separate from another hack that the company flagged to some health-care customers last month, the sources said.
An Oracle representative did not respond to messages seeking comment. The FBI declined to comment, while a CrowdStrike representative referred questions to Oracle.
Information about the stolen credentials started coming out last month, when an unidentified person began trying to sell data online that they claimed to have stolen from the Austin, Texas-based company’s cloud servers. Following these claims, which were previously reported by Bleeping Computer, Oracle denied that its cloud storage product had been hacked.
In a statement to customers, which was seen by Bloomberg News, the company said, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
This week, Oracle staff acknowledged to some clients that an attacker had gotten into what the company called a “legacy environment”, according to the sources. The company informed customers that the system has not been in use for eight years and that the stolen client credentials therefore pose little risk, the sources said.
A third source familiar with the breach said the stolen data included Oracle customer log-in credentials from as recently as 2024. That source also spoke on condition that they not be identified because they are not authorised to discuss the matter.
Researchers from the cybersecurity company Trustwave Holdings validated the data posted for sale online as directly extracted from Oracle, according to Karl Sigler, senior security research manager at Trustwave SpiderLabs Threat Intelligence. He described the stolen material as a “rich dataset” that could be used by hackers to send out phishing e-mails and potentially take over people’s accounts.
Separately, hackers broke into another Oracle computer system and stole patient data in an attempt to extort multiple medical providers in the US, Bloomberg News reported late last month.
In March, Oracle alerted some users of its patient records management software that sometime after Jan 22, hackers accessed company servers and copied patient data to an outside location, according to a notification the software company sent to clients. BLOOMBERG