Trustwave's Spider Labs reported that sensitive IAM data, including personally identifiable information and administrative roles linked to an Oracle Cloud user, has been compromised. Oracle vigorously denied the breach's existence, asserting that the leaked credentials do not correlate with its cloud services, and that no data loss has occurred for customers. This situation creates a tension between Oracle and external security researchers, particularly amid reports of Oracle's unofficial notifications about potential data compromises sent to customers, raising questions about security practices within the company.
Trustwave's Spider Labs stated that the sample of LDAP credentials reveals substantial sensitive IAM data in an Oracle Cloud environment, including PII and administrative role assignments.
Oracle denied any breach regarding its cloud infrastructure, asserting that the published credentials do not belong to Oracle Cloud and that no customers have lost data.
The situation involves a standoff between Oracle and researchers questioning the integrity of security, with Oracle refraining from direct comments on the allegations.
Concerns have arisen from reports of Oracle notifying customers about data compromises via unofficial letters issued by outside attorneys.
Collection
[
|
...
]