Let me preface this by saying this was a dormant account with no instances set up, and I put it into place maybe 4 or 5 years ago while getting into the self-hosted space. I don’t recall if I had MFA set up, but I don’t think I did as it was a test space. In fact, I forgot I even had it up until now.
So this weekend, we were out of town and I got this alert from Oracle Cloud saying that my account was locked, with a password reset link. This was set to an email I’ve had since 2004 that has been sold many, many times on the dark web, as evidenced by the amount of spam I get on it and as my monitoring services confirm. I figured it was a weak phishing ploy to get my credentials, so I ignored it. Then about 3 or 4 minutes later, the account was unlocked, with another email to confirm this. (Without my touching anything.)
So, last night when I returned home, I went to Oracle, ignoring the email links and using my browser’s address bar. To no surprise of my own, I can’t log in or reset my credentials. Somehow, the attackers were able to exploit their platform to intercept the password reset and change everything to their credentials.
It’s no real loss on my end honestly; Oracle had an old cancelled debit card number for recurring billing if I should ever have used their services anyway. It just bugs me that they allowed it to happen so easily. The lack of MFA, I’m sure, didn’t help the matter, but honestly, what gets me the most is their password reset email and the one saying it was unlocked, with no links or contact information to correct the situation if this was incorrect. Further proof on my end that Oracle doesn’t care about anything other than the money grab.
tl;dr My lack of MFA enabled hackers to attack my formerly dormant and forgotten Oracle account and lock me out, and Oracle doesn’t seem to mind.
Probably why they’re sending out emails right now saying they’re transitioning to mandatory 2FA…
It’s possible your e-mail account was compromised, and that’s how they were able to click that confirmation link you ignored. Change your e-mail password.
I have MFA enabled on that account and have had it there for years. :) (2FA + WebAuthn) Password already updated too. :) That email, I know, has been all over the dark web based on my monitoring alerts, and I know it’s been used. All of my important user accounts with that email were changed to a new one 6 or so months ago. I just forgot about this one and, like I said, never really used it anyway. :)