ShinyHunters claims breach of Oracle PeopleSoft at 100+ orgs
Original: Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
Why This Matters
Mass breach highlights vulnerabilities in enterprise software affecting educational institutions
Cybercrime group ShinyHunters claimed to have breached Oracle PeopleSoft servers at over 100 organizations, mainly universities. The group allegedly stole student records including personal data, continuing their mass hack strategy.
The notorious cybercrime group ShinyHunters told TechCrunch they hacked Oracle PeopleSoft servers at more than 100 organizations, predominantly universities. PeopleSoft manages payroll, HR, and business operations. The hackers claimed to have exfiltrated student, applicant, financial aid, immigration, health, and administrative data including home addresses, phone numbers, emails, and birth dates. The group's modus operandi involves finding vulnerabilities in popular software to compromise multiple victims simultaneously. Most targeted schools had already been compromised in earlier unrelated campaigns. The group's original goal was to breach an FBI PeopleSoft server to post a denial regarding swatting attempts, but that attempt failed. Oracle did not respond to requests for comment.