Home » Other » General » Supposed OCI data breach
Supposed OCI data breach [message #690332] Wed, 26 March 2025 11:51
John Watson
Messages: 8974
Registered: January 2010
Location: Global Village
Senior Member
There has been a lot of noise about Oracle OCI being hacked, it all starts with this:

https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over- 140k-tenants

Uncle Oracle denies it,

https://www.theregister.com/2025/03/23/oracle_cloud_customers_keys_credentials/

To me, it seems unlikely that the story is correct. It is predicated on the "fact" that an internet facing OCI service was running on WebLogic 11. Out of support for years. I would be astonished if that could even run current versions of related products.

However, I am having to deal with requests from customers to change all passwords and keys pronto and of course I have to do this. Any thoughts? Could the story be true, or could it be some idiot trying to get clicks by publishing rubbish?


Previous Topic: MOS and MFA
Next Topic: DB 12.2 New Features Guide
Goto Forum:
  


Current Time: Thu Apr 03 03:16:57 CDT 2025