Oracle Warns Hackers Exploited Critical PeopleSoft Flaw in Mass Breach
Oracle issued a critical security advisory after hackers from ShinyHunters group exploited a flaw in PeopleSoft software, breaching over 100 companies.
Admin User

Oracle has warned its corporate customers about a critical-rated vulnerability in its widely-used PeopleSoft software. This warning comes just days after the hacking group ShinyHunters claimed responsibility for abusing this flaw as part of their mass-hacking campaign.
The company published the security advisory on Thursday, following ShinyHunters' announcement that they had breached more than 100 organizations using PeopleSoft servers. Mandiant, Google's security unit, confirmed that the new Oracle flaw is indeed the same bug being exploited by ShinyHunters.
According to Oracle, this zero-day vulnerability can be exploited over the internet without needing any authentication, making it a significant threat. The tech giant recommends customers using PeopleSoft software to apply its mitigations to prevent exploitation. As of now, no patch has been released by Oracle for the bug.
A ShinyHunters member told TechCrunch that they compromised companies by exploiting this unpatched flaw in PeopleSoft servers. Mandiant informed over 100 global organizations, mostly located in the United States, about potential vulnerabilities, with higher education institutions being hit hardest.
Mandiant stated that while some organizations managed to block the activity or remediate the vulnerability, others experienced compromises where sensitive data was stolen and published on ShinyHunters' data leak website. The group targeted universities and colleges, claiming to have stolen hundreds of thousands of student records containing full names, home addresses, phone numbers, emails, dates of birth, genders, ethnicities, enrollment statuses, GPAs, majors, and more.
ShinyHunters also targeted other companies using Salesforce, Gainsight, and software from education giant Instructure. Once they identified vulnerable software and organizations using it, the hackers stole corporate or customer data, threatening to release it unless ransom was paid. In one instance, an education tech company, Instructure, reportedly paid the hackers after being breached twice.
The ShinyHunters group defaced login pages of several schools that use Instructure's popular school information portal Canvas as part of their campaign.


