The companies who don’t move even an inch till the time they have not extracted every single piece of data that they think worthwhile, behave diametrically opposite, if it comes to their own wheeling dealing. A hack is a hack, and it is legally so. It cannot be made an inhouse affair, which is the best case scenario, at worst they would digest it all. If they accept a breach that itself is an achievement. More often than not the news of the breach does not come from the owner / vendor / consultants, which means the whole ecosystem has been created to falsify things, as far as cyber security is concerned.
The concept, practice, and the trajectory of breaches and hacks, is one and the same from the small to the biggest. Homilies they offer but that is nearly all, business is supreme, and beyond a point they would not spend as well, customers barely fall in their scheme of things, but for extracting money and a variety of business benefits out of them, few we cannot even imagine of. Until totally forced, there is no hack for an IT enterprise, even if it were to be Oracle or any other big name. While the hacks of the Oracle were made known in the public domain, they had the audacity of not to disclose.
They are convinced of the fact they can get away with it. Long after the two Oracle hacks and the official denial, the company has now accepted the second of the two hacks. What magnanimity! It has acknowledged this breach to the clients in the last month. Oracle staff informed the clients this week about the attacker gaining access to usernames, passkeys and encrypted passwords, few of them spoke on conditions of anonymity. They were not allowed to speak. What a virtue they are creating out of outright falsehood? The customers were also informed that the FBI and cyber security firm CrowdStrike are investigating the incident.
The attackers also sought an extortion payment from the company. They have tried to differentiate this intrusion from another hack that happened last month. While this drama is running now surreptitiously, its wider fall out on the outside world of this hack, is not even talked about. FBI declined to comment, while CrowdStrike representatives referred the questions to Oracle. It all came to light when an unidentified individual began trying to sell data online. They talk of hack in their so called “legacy environment;” this does not cut any ice at all. Whereas a third person familiar with the breach said the stolen data included Oracle customer login from as recently as 2024. A deliberate smokescreen is created with a clear cut vested interest.
ARE EVEN BIG COMPANIES PLAYING IN THE HANDS OF CYBER CRIMINALS TO SAVE THEIR REPUTATION?
Sanjay Sahay
Have a nice evening.