Earlier this month, a threat actor going by Rose87168 claimed to have breached Oracle Cloud’s federated SSO servers and exfiltrated around 6 million records, affecting over 144,000 Oracle clients. The hacker provided an internal customer list and threatened to sell the data unless clients paid to remove their data from the trove, which included single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, tenant data, and more. Rose87168 has also solicited help from the hacking community to crack the hashed password in trade for some of the data.
Because they can hide it & not face any consequences.
The number of clients I’ve worked with who are “stuck” with Oracle passes the 50% mark and I’m just one person.
One company said that Oracle offered them a de-obfuscation tool to migrate elsewhere for a mere $2M. Absurd.
Fuck Oracle.
Uh, what, you can’t just pull your data and move elsewhere?
Oracle is not a tech company it’s a racket run by an army of lawyers. Obligatory link to Bryan Cantrill’s talk.
In that market, it might be a decent deal.
Maybe in some cases. This particular company at the time had revenue of $5M, with a much lower net, so $2M want even feasible.
They’re probably not a very good candidate to be an Oracle client either. They typically target larger accounts. Shame to end up stuck like that.