Oracle has alerted its business customers to a critically rated security flaw in its PeopleSoft platform — software widely used by large organizations to handle payroll and HR functions — just one day after a cybercrime gang claimed responsibility for exploiting the vulnerability in a widespread hacking operation.

The company issued its security advisory on Thursday, following claims by the ShinyHunters group that it had compromised more than 100 organizations running PeopleSoft servers. Mandiant, Google’s cybersecurity division, confirmed in a blog post that the vulnerability in Oracle’s advisory is the same one ShinyHunters is abusing in its targeted campaign against PeopleSoft users.

At the time of the advisory, Oracle had not yet released a patch; it warned that the bug can be exploited remotely over the internet without any authentication, such as a password. The company urged customers to implement its recommended workaround measures to block potential attacks.

The day before, a ShinyHunters member told TechCrunch that the group had breached the organizations by exploiting an unpatched vulnerability in PeopleSoft servers. The vulnerability is termed a zero-day since the impacted company—Oracle in this instance—had no opportunity to develop a patch before the flaw was identified and actively exploited.

Mandiant stated that it has also alerted over 100 organizations worldwide, the majority of them in the United States, to help limit exposure on their potentially at-risk systems. The cybersecurity firm noted that roughly two-thirds of the affected organizations are in the higher education sector, matching ShinyHunters’ earlier claims.

“While several organizations successfully blocked the activity or remediated the vulnerabilities, others were compromised, leading to stolen data being published on the ShinyHunters [Data Leak Website],” Mandiant wrote.

Oracle did not respond to TechCrunch’s request for comment.

Contact Us.
Do you have more information about this hacking campaign? Or additional data breaches? We’d be delighted to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

This week, a ShinyHunters member informed TechCrunch that some of the compromised organizations are universities and colleges. The hacker provided a message they claimed was sent to one of the affected schools, in which the group said it had stolen “hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, ethnicity, enrollment status, GPA, major, and student ID across all campuses,” along with other data.

PeopleSoft and its customers are the latest targets in a prolonged series of attacks in which the ShinyHunters gang has focused on organizations that all run the same vulnerable software. Over the past year, the group has hit multiple companies using Salesforce and Gainsight, as well as systems supplied by education giant Instructure and others.

Once the hackers locate vulnerable software and the organizations running it, they attempt to steal corporate or customer data and then demand a ransom to prevent its release. Earlier this year, education technology firm Instructure confirmed it paid the hackers after they breached its systems on two separate occasions. As part of their hacking operation, the ShinyHunters group altered the login pages of multiple schools that rely on Instructure’s widely used Canvas learning management platform.
