
ShinyHunters Claims Breach of 100+ Oracle PeopleSoft Instances

techcrunch.com · @market_structure · 1 hour ago · Cybersecurity · 1 comment

More than 100 organizations, mostly universities, reportedly hit by mass exploitation of enterprise HR software

shinyhunters · oracle · peoplesoft · data breach · cybercrime · universities

More than 100 organizations — most of them universities — had their Oracle PeopleSoft servers compromised by ShinyHunters, according to the group's claims shared with TechCrunch.

PeopleSoft is enterprise software that handles payroll, HR, and administration. A single vulnerability in that platform, exploited at scale, just turned into a data exfiltration event covering student records, financial aid documents, and immigration details.

100+ Organizations Hit in One Campaign

ShinyHunters didn't break into each target individually. They found a hole in Oracle PeopleSoft and used it against hundreds of deployments. That's the playbook: find one bug in a popular platform, then compromise every exposed instance.

The confirmed victims are primarily educational institutions. The hackers claim to have exfiltrated "student, applicant, financial aid, immigration, health, and administrative data" — home addresses, phone numbers, emails, dates of birth. Exactly the kind of personally identifiable information that powers identity theft and targeted phishing.

What Was Stolen and Why It Matters

If these claims hold, this is a textbook supply-chain-style attack. Oracle PeopleSoft is ubiquitous in higher education and large enterprises. A single vulnerability exploited at scale means the sensitive data of thousands of individuals is potentially exposed. Many of these schools had already been compromised in earlier, unrelated campaigns, compounding the damage.

The stolen data includes financial aid and immigration records, which can be monetized on dark web markets or used for extortion.

The FBI Was the Original Target

Here's the twist: ShinyHunters told TechCrunch their original goal was to compromise an FBI PeopleSoft server. They wanted to post a denial about a wave of swatting incidents the FBI had flagged. That attempt failed. The group then turned to other targets. It tells you two things: ShinyHunters has ambitions beyond random data theft, and they're not afraid to target federal agencies.

Oracle has not responded to requests for comment. The breaches were first reported by BleepingComputer.

Mass-hack campaigns like this will keep working until organizations stop treating enterprise software patches as optional. ShinyHunters' playbook is out in the open — it's now up to every IT department running PeopleSoft to verify whether their instance was among the hundred-plus.


Source: Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
Domain: techcrunch.com
