Oracle says “obsolete servers” hacked, denies cloud breach www.bleepingcomputer.com/news/secu…

Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as “two obsolete servers.”

However, the company added that its Oracle Cloud servers were not compromised, and this incident did not impact customer data and cloud services.

“Oracle would like to state unequivocally that the Oracle Cloud—also known as Oracle Cloud Infrastructure or OCI—has NOT experienced a security breach,” Oracle says in a customer notification shared with BleepingComputer.

“No OCI customer environment has been penetrated. No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way,” it added in emails sent from replies@oracle-mail.com, prompting customers to contact Oracle Support or their account manager if they have additional questions.

“A hacker did access and publish user names from two obsolete servers that were never a part of OCI. The hacker did not expose usable passwords because the passwords on those two servers were either encrypted and/or hashed. Therefore the hacker was not able to access any customer environments or customer data.”