Oracle has since requested Wayback Machine (Archive.org) to take down the archived URL. Independent cybersecurity researchers are taking to the internet to criticize Oracle’s efforts at coverup. Meanwhile, the threat actor posted a long video of an internal Oracle meeting, presumably from the breach, solidifying their claims.
“In cybersecurity, denial doesn’t neutralize the danger, transparency does,” CloudSEK co-founder and CEO Rahul Sassi told CSO. “This investigation is not about blame, it’s about accountability. It’s about empowering every security team, every customer, and every vendor in the supply chain to act before attackers do.” Affected data from the breach included JKS files, encrypted SSO passwords, key files, and enterprise manager JPS keys, according to CloudSEK. While SSO passwords could be cracked with other breached files, LDAP passwords were encrypted and the threat actor, in their post, sought help with decoding them in exchange for some compromised data.
