Comment by prdonahue

5 days ago

We're primarily an AWS shop but some Oracle BDR assigned to cover us recently reached out on LinkedIn.

I asked for an incident report and received this terse response:

> There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.

5 comments

prdonahue

decimalenough 5 days ago

Per article, Oracle has hastily rebranded the breached service as "Oracle Classic", for the sole purpose of being able to claim with a straight face that "Oracle Cloud" was not impacted.

smithkl42 5 days ago
FWIW, that doesn't appear to be a "hasty rebrand" - Oracle has had this distinction for a long time.
https://docs.oracle.com/en/cloud/saas/enterprise-performance...
- decimalenough 5 days ago
  
  The hacker has demonstrated that they have/had write access to URLs under login.us2.oraclecloud.com. It's incredibly disingenuous on Oracle's part to claim that this is not "Oracle Cloud".

blast 5 days ago

That exact statement is quoted in the OP too.

prdonahue 5 days ago

Yeah, they've clearly been given some minimal company line and aren't deviating from it. Not going to win any trust.