Kevin Beaumont“The company informed customers that the system has not been in use for eight years and that the stolen client credentials therefore pose little risk, the report added. The stolen data included Oracle customer log-in credentials from as recently as 2024, the report said.”
This would be Oracle Classic, aka Gen1. I’ve been told the systems were left online after migration.. unpatched.
Oracle are trying to play legacy angle - but what else was stolen? What else did the attacker do? Why cover up?
All GNU social JP content and data are available under the