Oracle support has recently clarified claims of a data breach – one of the security incidents involved legacy servers.
Preface
Oracle support has recently issued notifications about a widely reported security incident. According to a recent email from Oracle support, there is no risk to Oracle Cloud – the company says that “<…> Oracle would like to state unequivocally that the Oracle Cloud – also known as Oracle Cloud Infrastructure or OCI – has not experienced a security breach.”
However, Oracle support has acknowledged that legacy servers were affected by a security breach. There are other things you should be aware of, too.
The Legacy Servers of Oracle and Oracle Support
At the same time, legacy Oracle Cloud servers were compromised. According to the Cybersecurity and Infrastructure Security Agency (CISA), there is a heightened likelihood of credential compromise for organizations that have used a legacy Oracle Cloud environment in the past. In its advisory on the topic, CISA said: “While the scope and impact remain unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals.”
According to sources on the web, it was the legacy servers belonging to Oracle that experienced a data breach. The compromised data includes credentials such as usernames, email addresses and passwords, as well as authentication tokens and encryption keys. Hence, regardless of whether you’re a current Oracle customer or have used its services in the past, it’s a good idea to change the passwords associated with the email addresses you used on the service.
Oracle Support Confirms January Data Breach
The incident involving legacy servers and Oracle support dates back to January, when news broke that Oracle had alerted some of its healthcare customers that, sometime around the end of January, hackers appeared to have broken into its servers and stolen patient data.
According to Reuters, the FBI has been investigating the cyberattack on Oracle ever since. The attack appears to have been aimed at multiple medical providers across the U.S.; the hackers accessed older servers, and thus data that had not yet been migrated to Oracle’s cloud storage service. Oracle seems to have been aware of the data breach since late February.
Am I Affected?
According to CISA, the Oracle data breach poses a potential risk to customers because data in the data breach can be used to further identity theft and account takeover (ATO) attacks using credential stuffing or other means.
That’s true even if your applications are protected against injection and other attacks: an attacker holding huge amounts of stolen data simply works through those data sets and reuses the same username/email and password combinations against other, seemingly unrelated, services. Credential stuffing attacks succeed because people reuse passwords and because hundreds of millions of exposed records are available for attackers to try.
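The attack pattern described above, seen from the defender’s side: a single source replaying breached credentials produces failed logins spread across many distinct accounts in a short window, whereas a legitimate user who mistypes retries one account. The following is an added example, not code from the article or from BreachDirectory; the log format and the sample lines are constructed for illustration.

```python
# Added example (not from the article): flag credential-stuffing patterns
# in authentication logs. Stuffing replays breached username/password pairs
# across many accounts, so one source produces failures spread over many
# distinct usernames in a short window; a user retrying one account does not.
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines in a hypothetical "timestamp status user ip" format.
SAMPLE_LOG = """\
2025-04-10T12:00:01 FAIL alice@example.com 203.0.113.7
2025-04-10T12:00:02 FAIL bob@example.com 203.0.113.7
2025-04-10T12:00:03 FAIL carol@example.com 203.0.113.7
2025-04-10T12:00:04 FAIL dave@example.com 203.0.113.7
2025-04-10T12:00:05 OK erin@example.com 203.0.113.7
2025-04-10T12:00:06 FAIL frank@example.com 203.0.113.7
2025-04-10T12:05:00 FAIL alice@example.com 198.51.100.9
2025-04-10T12:05:30 FAIL alice@example.com 198.51.100.9
2025-04-10T12:06:00 OK alice@example.com 198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) (\S+) (\S+)$")

def parse_log(text):
    """Yield (timestamp, success, user, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, status, user, ip = m.groups()
            yield datetime.fromisoformat(ts), status == "OK", user, ip

def find_stuffing_sources(text, window=timedelta(minutes=5), min_users=5):
    """Return {ip: distinct_users} for sources whose failed logins hit at
    least `min_users` distinct accounts inside any sliding `window`."""
    failures = defaultdict(list)  # ip -> [(ts, user), ...]
    for ts, ok, user, ip in parse_log(text):
        if not ok:
            failures[ip].append((ts, user))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged
```

On the sample, `find_stuffing_sources(SAMPLE_LOG)` flags only 203.0.113.7 (five distinct accounts failed within seconds) and ignores 198.51.100.9, which only retried alice’s account.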
To make sure you’re not affected by a data breach pertaining to Oracle support or other services, make good use of data breach search engines like BreachDirectory. Data breach search engines let you check that your account – whether you search for a username, email, or IP address – isn’t compromised and, if it is, advise you on what to do next (e.g. changing your passwords).
The BreachDirectory data breach notification service, on the other hand, provides monthly alerts pertaining to your email address and tells you whether your email address is at risk of identity theft. Developers can use the BreachDirectory API to integrate BreachDirectory data into their own services.
Summary
Oracle has suffered a data breach, though it wasn’t directly related to its Oracle Cloud Infrastructure, or OCI. According to Oracle support and sources on the web, the breached data includes credentials such as usernames, email addresses and passwords, as well as authentication tokens and encryption keys, all of which were stored on Oracle’s legacy servers, potentially putting former Oracle customers at risk.
Whether or not you’re at risk, please change your passwords frequently. A good password manager helps greatly in this regard – if you’re looking for one, look into LastPass, 1Password or Dashlane, as well as other security solutions like data breach search engines and the BreachDirectory API for developers. Also don’t forget to register for data breach notifications so that you’re informed once your data gets stolen, and until next time.