Cybercrime group ShinyHunters claims it breached Oracle PeopleSoft systems used by more than 100 organizations and stole data from roughly 300 PeopleSoft environments. Cybersecurity researchers claim many of the affected entities appear to be universities, though other enterprises may also be involved.
The claims have not been independently verified: Oracle has not publicly confirmed a data breach or acknowledged exploitation of any zero-day vulnerability in the product.
PeopleSoft is an enterprise application by Oracle for human resource management, payroll processing, accounting, procurement, supply chains, and student administration. Its implementations tend to contain highly sensitive employee information, salaries, financial details, and personal information of students.
This increases the chances of PeopleSoft being targeted by cybercriminals looking to launch ransomware attacks or exfiltrate data. According to some sources, the ShinyHunters hackers say they used a combination of known vulnerabilities and undiscovered zero-days to gain access. The group claimed the vulnerability could be exploited depending on how specific PeopleSoft environments were configured.
Experts have yet to provide any proof of the presence of a PeopleSoft zero-day. Therefore, the claim should be treated as unverified until further research is available.
If the allegations prove accurate, this could be one of the biggest breaches involving PeopleSoft applications. The potential victims include organizations that store vast amounts of information, such as HR, payroll, finance, and student records.
Affected organizations could face several challenges, including data loss, regulatory scrutiny, and forensic analysis, among others. Security administrators operating PeopleSoft systems should consider hardening their systems. Recommended actions include:
Apply the latest Oracle security updates.
Review authentication, admin, and application logs for unusual activity.
Audit privileged accounts and access paths.
Restrict internet exposure of administrative interfaces.
Monitor for indicators of compromise and abnormal data transfers.
Until Oracle, affected organizations, or cybersecurity authorities release verified findings, the full scope of the alleged breach remains uncertain.