ShinyHunters claims mass breach of Oracle PeopleSoft servers across 100 organisations

The ShinyHunters hacking group has claimed responsibility for compromising Oracle PeopleSoft servers at more than 100 organisations, with universities representing the majority of the targets. The breach was first reported by BleepingComputer and subsequently confirmed to TechCrunch by a member of the group on Wednesday. Oracle has not responded to requests for comment regarding the incident.

PeopleSoft is enterprise software widely used to manage payroll, human resources, administration, and other core business operations. The group’s modus operandi involves identifying vulnerabilities in popular software platforms to compromise multiple victims simultaneously, a strategy that has turned mass hacks into a specialty for the notorious cybercrime syndicate.

According to a message sent to one of the victims, the group alleges that student, applicant, financial aid, immigration, health, and administrative data has been exfiltrated. Specific data types claimed to be stolen include student records containing home addresses, phone numbers, email addresses, and dates of birth.

ShinyHunters stated that most of the targeted schools had already been compromised in earlier, unrelated campaigns. The group’s original objective, however, was to breach an FBI PeopleSoft server to issue a statement denying involvement in recent swatting incidents. This specific attempt failed, despite the FBI having flagged a wave of such attempts in an alert last month.

The incident underscores the persistent risks associated with enterprise software vulnerabilities. While the scale of the breach is significant, the claims remain unverified by Oracle or independent forensic analysis, leaving the full extent of the data exposure uncertain.