Hackers claim breach of Oracle PeopleSoft at over 100 firms

▼ Summary
– ShinyHunters claimed to have hacked Oracle PeopleSoft servers at over 100 organizations, mostly universities, stealing student data including addresses, phone numbers, emails, and dates of birth.
– PeopleSoft is enterprise software used for payroll, HR, administration, and other business operations.
– The group specializes in mass hacks by finding vulnerabilities in popular software to compromise many victims at once.
– Most targeted schools had already been compromised in earlier, unrelated cyberattacks.
– ShinyHunters originally aimed to hack an FBI PeopleSoft server to deny involvement in swatting attempts, but that attempt failed.
The notorious cybercrime group ShinyHunters has claimed responsibility for breaching Oracle PeopleSoft servers at more than 100 organizations, with a significant number of victims being universities. A group member shared the details exclusively with TechCrunch on Wednesday, following an initial report from BleepingComputer. PeopleSoft, a widely used enterprise software suite, handles critical functions such as payroll, human resources, administration, and other business operations.
This latest wave of attacks underscores that ShinyHunters, already one of the most visible and active cybercrime groups today, shows no signs of slowing down. The group has refined mass hacking into a core specialty. Their typical strategy involves identifying a vulnerability in widely deployed software, allowing them to compromise dozens or even hundreds of victims in a single campaign.
“Student, applicant, financial aid, immigration, health, and administrative data has been exfiltrated,” read a message the hacker claimed was sent to one of the affected organizations. The stolen records reportedly include sensitive personal information such as home addresses, phone numbers, email addresses, and dates of birth. The hacker further noted that many of the targeted schools had already been compromised in earlier, unrelated security incidents.
The group’s initial ambition, according to the member, was to breach an FBI PeopleSoft server. The objective was to post a statement denying that ShinyHunters was behind a series of swatting attempts that the FBI had flagged in a security alert last month. That specific attempt, the member admitted, was unsuccessful. Oracle did not respond to a request for comment on the claims.
(Source: TechCrunch)




