据报道，Oracle 遭受了 2 起独立的违规事件，暴露了数千名客户的个人身份信息（PII）

发布于 3 月 29 日

Main Points: Oracle is not commenting on reports of two data breaches. One breach was by Oracle Health in February where a threat actor accessed a server and took patient data from US hospitals, and notifications were on plain paper. Another breach occurred eight days ago with an anonymous person posting 6 million records of authentication data of Oracle Cloud customers. Outside security firms reviewed the data and said it seemed genuine. Cloudsek rated the threat as medium confidence and high severity with over 140,000 tenants affected. Trustwave's Spider Labs said the LDAP credentials revealed sensitive IAM data. Oracle initially denied the cloud infrastructure breach but later had no comment when asked. There is a stand-off over the breaches and the use of unofficial letterhead for notifications.
Key Information:
- Oracle Health breach in February with data from US hospitals.
- Anonymous person posting 6 million Oracle Cloud customer records eight days ago.
- Security firm reviews and ratings of the threats.
- Oracle's initial denial and later no comment.
Important Details:
- Bleeping Computer published the reports.
- Seema Verma signed the breach notifications.
- The data was obtained by exploiting a vulnerability.
- Oracle Cloud services are involved.
- The post will be updated with new information.

阅读 7