prdonahue 2 days ago

We're primarily an AWS shop but some Oracle BDR assigned to cover us recently reached out on LinkedIn.

I asked for an incident report and received this terse response:

> There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.

2
decimalenough 2 days ago

Per article, Oracle has hastily rebranded the breached service as "Oracle Classic", for the sole purpose of being able to claim with a straight face that "Oracle Cloud" was not impacted.

1 reply
smithkl42 2 days ago

FWIW, that doesn't appear to be a "hasty rebrand" - Oracle has had this distinction for a long time.

https://docs.oracle.com/en/cloud/saas/enterprise-performance...

1 reply
decimalenough 2 days ago

The hacker has demonstrated that they have/had write access to URLs under login.us2.oraclecloud.com. It's incredibly disingenuous on Oracle's part to claim that this is not "Oracle Cloud".

blast 2 days ago

That exact statement is quoted in the OP too.

1 reply
prdonahue 2 days ago

Yeah, they've clearly been given some minimal company line and aren't deviating from it. Not going to win any trust.