Oracle warns of critical PeopleSoft flaw exploited in mass breach of over 100 firms

The software giant has issued an urgent advisory for a critical unpatched bug in its PeopleSoft payroll and human resources system, following claims by the cybercrime group ShinyHunters that it compromised more than 100 organisations globally.

Author: Owen Mercer, Markets and Finance Editor
Source: TechCrunch
Oracle warns of security bug that hackers abused to breach 100+ companies
Google-backed Mandiant confirms zero-day vulnerability used by ShinyHunters targets higher education sector

Oracle has issued an urgent security advisory warning corporate customers of a critical vulnerability in its PeopleSoft software, which is widely used for payroll and human resources management. The warning comes a day after the cybercrime group ShinyHunters claimed responsibility for exploiting this flaw in a mass-hacking campaign, alleging breaches of more than 100 organisations.

Mandiant, the security unit owned by Google, confirmed that the vulnerability is a zero-day bug and has notified over 100 global organisations, predominantly in the United States and the higher education sector, to restrict access to potentially vulnerable systems. Mandiant noted that approximately two-thirds of the affected entities are in the higher education sector, aligning with earlier claims made by the hackers.

At the time of the advisory, Oracle had not released a patch for the vulnerability. The company stated that the bug can be exploited over the internet without requiring authentication, such as a password, and recommended that customers apply immediate mitigations to prevent exploitation. Oracle did not respond to requests for further comment regarding the ongoing investigation.

ShinyHunters members stated they compromised companies by abusing the unpatched flaw in PeopleSoft servers. The group threatened to release stolen data unless ransoms were paid, claiming to have accessed sensitive information including student records containing full names, home addresses, phone numbers, emails, dates of birth, gender, ethnicity, enrollment status, GPAs, majors, and student IDs.

While several organisations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters Data Leak Website. This incident follows a pattern of activity by the group, which has previously targeted organisations using vulnerable software such as Salesforce, Gainsight, and Instructure, often employing a modus operandi of data theft followed by ransom threats.
