Cybercrime Group ShinyHunters Claims Oracle PeopleSoft Server Breaches
Cybercrime collective ShinyHunters claims to have breached Oracle PeopleSoft servers at over 100 organizations, including many universities. The group alleges exfiltration of sensitive data like student records. This follows a failed attempt to access an FBI server to deny involvement in swatting incidents, highlighting the group's focus on mass exploitation.
Key points
- The cybercrime group ShinyHunters claims to have compromised Oracle PeopleSoft servers at more than 100 organizations.
- Affected entities include numerous universities, with data such as student records, personal contact information, and financial aid details allegedly exfiltrated.
- ShinyHunters reportedly targeted PeopleSoft, enterprise software used for HR, payroll, and administrative functions.
- The group stated a primary motivation was to access an FBI server to deny responsibility for recent swatting incidents.
- This incident demonstrates ShinyHunters' strategy of exploiting vulnerabilities in widely used software for mass compromises.
The notorious cybercrime group ShinyHunters has asserted responsibility for a significant data breach affecting Oracle PeopleSoft servers across more than 100 organizations. The group, known for its prolific activity, claims that numerous universities were among the victims, with sensitive data reportedly stolen.
According to a ShinyHunters member, the compromised information includes student records containing home addresses, phone numbers, emails, and dates of birth, alongside financial aid and administrative data. The group's stated goal for this operation was initially to breach an FBI PeopleSoft server to issue a denial regarding their alleged involvement in a recent wave of swatting incidents flagged by the FBI. This specific objective was reportedly unsuccessful.
PeopleSoft is widely utilized enterprise software for managing critical business functions such as human resources, payroll, and administrative operations. ShinyHunters' tactic involves identifying and exploiting vulnerabilities in popular software to achieve widespread compromises, as seen in this alleged mass breach. Oracle has not yet responded to requests for comment on the incident.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.