Oracle Denies Hack Despite Hacker's Evidence: Cyber Security Today for March 26, 2025

Cybersecurity Today: Episode Summary

Title: Oracle Denies Hack Despite Hacker's Evidence: Cyber Security Today for March 26, 2025
Host: Jim Love
Release Date: March 26, 2025
Podcast Description: Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

1. Oracle Denies Cloud Systems Breached

Timestamp: [00:02]

Jim Love opens the episode by addressing recent claims against Oracle, where a hacker alias rose87168 alleges the theft of 6 million user records from Oracle's cloud systems. The hacker claims to have accessed encrypted passwords, single sign-on credentials, Java key store files, and other sensitive configuration data from Oracle's cloud login servers. Despite these allegations, Oracle firmly denies any breach.

Notable Quotes:

• Jim Love: "Oracle is denying claims that its cloud systems were breached after a hacker alleged they had stolen 6 million user records." [00:02]
• Oracle's Statement: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data."

The hacker reportedly demanded 100,000 Monero, citing its privacy-focused and trace-resistant nature, in exchange for the data and instructions to fix the alleged vulnerability. When Oracle did not comply, the data was offered for sale, with an added proposition for companies to pay to have their employee records removed from the dataset before its sale.

Jim Love: "The authenticity of the stolen data has not been independently verified. Oracle continues to insist that its systems remain secure and that no customer data has been compromised." [00:02]

A link provided by the hackers showing a .TXT file uploaded to what appears to be Oracle's cloud servers was presented to Bleeping Computer, who sought clarification from Oracle regarding how the file was placed without server access. As of the episode's airing, Oracle had not responded.

2. Leakage of Classified Military Information

Timestamp: [00:02 - 03:50]

Jim transitions to a high-profile incident involving Jeffrey Goldberg, editor-in-chief of The Atlantic. Goldberg was mistakenly added to a Signal Group chat that discussed classified U.S. military strikes in Yemen against the Houthi militant group. The chat included details on targets, weapons, and the timing of a bombing campaign, involving high-level members of the Trump administration.

Notable Quotes:

• Jeffrey Goldberg: "I received the message on March 11 from someone claiming to be National Security Adviser Michael Walsh." [00:02]
• Jim Love: "It's the ultimate in sloppiness." [03:50]

Initially, Goldberg suspected a hoax or foreign disinformation campaign, but subsequent U.S. airstrikes two hours after the group's final message confirmed the plans were real. The messages named several U.S. officials, including Pete Hegseth, JD Vance, Marco Rubio, and Tulsi Gabbard, and discussed diplomatic communications and classified systems.

The leak has caused significant uproar due to several security lapses:

• Use of Signal: Despite being an encrypted app, Signal is deemed inappropriate for transmitting U.S. military secrets.
• Potential Compromise: There is a possibility that communications were intercepted by Russians or others, as Signal has been breached in the past.
• Unauthorized Devices: Communication likely occurred on regular cell phones instead of approved government devices.
• Operational Security: At least one participant may have been in Moscow during the communications, raising concerns about information security.

Goldberg prudently declined to publish the name of an active intelligence officer and withheld other top-secret details to prevent further security breaches.

Jim Love: "Many critics have noted that if the average military officer would have demonstrated this degree of carelessness with top secret records, they would have been court-martialed and possibly even jailed." [03:50]

3. Troy Hunt's Phishing Attack and Data Breach

Timestamp: [03:50 - 07:50]

Jim discusses a phishing attack targeting Troy Hunt, the founder of Have I Been Pwned? Hunt's Mailchimp account was compromised, leading to the exposure of approximately 16,000 email subscribers' information, including around 7,500 unsubscribed individuals. Hunt expressed frustration over Mailchimp's retention of unsubscribed users' data and is investigating whether a configuration issue on his part contributed to the breach.

Notable Quotes:

• Troy Hunt: "The breach affected both active subscribers and around 7,500 individuals who had previously unsubscribed." [03:50]
• Troy Hunt: "While two-factor authentication via one-time passcodes offers some security, it remains vulnerable to automated phishing attacks that can relay these codes in real time." [06:20]
• Jim Love: "The moral Stay humble. We all make mistakes. Stay open. Talk to people about them when you make them." [07:30]

The phishing attack involved a crafted email that created a sense of urgency, prompting Hunt to log into a fraudulent page where he entered his credentials and a one-time passcode. Although Hunt realized the deception moments later, the automated attack had already succeeded in exporting his mailing list within minutes.

Hunt highlighted the limitations of traditional two-factor authentication (2FA) methods, emphasizing that Mailchimp does not support phishing-resistant options like hardware security keys or pass keys. He criticized the Outlook iOS app for displaying the email sender name as Mailchimp Account Services while hiding the domain, making the fraudulent email appear legitimate.

Jim reflects on the incident, acknowledging that even well-trained individuals like Hunt can fall victim to phishing attacks. He shares a personal anecdote about almost clicking a fake link, thanks to his wife's intervention, emphasizing the universal vulnerability to such attacks.

Jim Love’s Takeaways:

• Stay Humble: Acknowledge that mistakes happen.
• Stay Open: Communicate openly about errors to foster better security practices.
• User vs. Defense Layers: The strength of security doesn't solely depend on users but on effective communication and layered protections.

4. Closing Thoughts

Timestamp: [07:50]

Jim wraps up the episode by reinforcing the importance of humility, open communication, and the continuous improvement of security practices. He underscores that maintaining robust cybersecurity requires collective awareness and vigilance.

Jim Love: "Stay humble. We all make mistakes. Stay open. Talk to people about them when you make them. And let's remember that the difference between whether a user is the weakest link or another layer of protection doesn't depend on them totally, but how well we communicate." [07:30]

Jim thanks listeners for tuning in and signs off, leaving them with actionable insights and reflections on the discussed cybersecurity incidents.

Overall Summary: In this episode of Cybersecurity Today, Jim Love delves into three significant cybersecurity incidents: Oracle's denial of a cloud system breach amidst hacker allegations, a serious leak of classified U.S. military information involving The Atlantic's editor, and a phishing attack targeting Troy Hunt resulting in a substantial data breach. The discussions highlight the evolving challenges in cybersecurity, the importance of robust security protocols, and the human element's role in safeguarding sensitive information. Through detailed analysis and expert insights, listeners gain a comprehensive understanding of current cybersecurity threats and best practices to mitigate them.