Oracle is a public company. Public companies must file data breaches with the SEC or they can get into some hot water. They are not ran by smart people.
this post was submitted on 31 Mar 2025
492 points (99.4% liked)
Technology
68187 readers
3661 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
You mean the SEC in the US? You're kidding right? Nobody cares about any of that anymore. Does the SEC even still exist? Worst case scenario, Oracle just gives some money to Cheeto and they're done
Yes. It exists. Whether or not they are actively enforcing anything during the current administration is open to question. The fortune 10 company I work for takes the SEC seriously.
Fuck Oracle.
I hope Oracle will finally send out mails to the affected customers. No idea if I am affected as Oracles login process is so convoluted that I have no desire to deal with it or understand it.
Just assume you are.
Ok, who of you guys is working with Oracle Cloud and has not yet rerolled all API/Access Keys, passwords and so on? And what company do you happen work for? ^Just asking for a friend^
I wonder how many of those companies - that are stuck with Oracle due to legacy software - have just too many keys to reroll that they just won't do it. Mainly due to everything being a manual process.
At least we're constantly told to be ready to act to reroll secrets, etc and try to automate the change/deployment of changed passwords and such.
Depending on the system you're working with, this may still be a PITA, but at least we do have plans for even the "problematic" systems and we have probably done this a few times. Although maybe not at this scale, tbh.
So, imagining I were tasked to do that for $hyperscaler in "my" systems... I feel some dread, as even if everything is automated ä, there's always something that doesn't go as planned - but at least I know what can be done in which way and which timeframe is realistic (and which parts will be the most sensitive). If you do not have plans, well... Good luck. You'll need it.
Omg we have the same friend! Also no 😬
Because they can hide it & not face any consequences.
The number of clients I've worked with who are "stuck" with Oracle passes the 50% mark and I'm just one person.
One company said that Oracle offered them a de-obfuscation tool to migrate elsewhere for a mere $2M. Absurd.
Fuck Oracle.
Uh, what, you can't just pull your data and move elsewhere?
Oracle is not a tech company it's a racket run by an army of lawyers. Obligatory link to Bryan Cantrill's talk.
In that market, it might be a decent deal.
Maybe in some cases. This particular company at the time had revenue of $5M, with a much lower net, so $2M want even feasible.
They're probably not a very good candidate to be an Oracle client either. They typically target larger accounts. Shame to end up stuck like that.