Oracle just got hit—again. This time, hackers stole old client log-in data, marking the second breach the tech giant has reported in a month. The FBI and CrowdStrike are on the case, Bloomberg reports, citing sources familiar with the matter.
Usernames, passkeys, and encrypted passwords are among the compromised data. Oracle staff confidentially disclosed the breach to some clients earlier this week, with affected clients agreeing to anonymity due to restrictions on discussing the matter publicly.
According to Oracle, the hacker attempted to extort the company after the breach. Oracle representatives told clients that this incident is separate from the hack reported to healthcare clients in March.
Oracle characterized the breached system as a “legacy environment” that hasn’t been active for eight years, implying minimal risk from the stolen credentials. However, a third source told Bloomberg that the stolen data includes customer log-in information from as recently as 2024, raising concerns about the breadth and potential impact of the breach.
