Comment by prdonahue

8 months ago

We're primarily an AWS shop but some Oracle BDR assigned to cover us recently reached out on LinkedIn.

I asked for an incident report and received this terse response:

> There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.

5 comments

prdonahue

decimalenough 8 months ago

Per article, Oracle has hastily rebranded the breached service as "Oracle Classic", for the sole purpose of being able to claim with a straight face that "Oracle Cloud" was not impacted.

smithkl42 8 months ago
FWIW, that doesn't appear to be a "hasty rebrand" - Oracle has had this distinction for a long time.
https://docs.oracle.com/en/cloud/saas/enterprise-performance...
- decimalenough 8 months ago
  
  The hacker has demonstrated that they have/had write access to URLs under login.us2.oraclecloud.com. It's incredibly disingenuous on Oracle's part to claim that this is not "Oracle Cloud".

blast 8 months ago

That exact statement is quoted in the OP too.

prdonahue 8 months ago

Yeah, they've clearly been given some minimal company line and aren't deviating from it. Not going to win any trust.