The notorious cybercrime group ShinyHunters claimed to have hacked Oracle PeopleSoft servers at more than 100 organizations, many of them universities, a ShinyHunters member told TechCrunch on Wednesday. The violations were first reported by BleepingComputer.
PeopleSoft is business software designed to manage payroll, human resources, administration, and other business operations.
The news shows that despite being one of the most visible and prolific cybercrime groups of the moment, ShinyHunters does not slow down and has turned massive hacks into its specialty. The group’s modus operandi is to find a vulnerability in popular software in order to compromise many victims at once.
“Student, applicant, financial aid, immigration, health and administrative data has been extracted,” reads a message that the hacker says was sent to one of the victims. The hackers claimed to have stolen student records that include home addresses, phone numbers, emails and dates of birth.
The hacker added that most of the targeted schools had already been compromised in previous unrelated campaigns.
The group’s original goal, the member said, was to compromise an FBI PeopleSoft server; The goal was to release a statement denying that ShinyHunters was behind a wave of attempts to crush the FBI. flagged in an alert last month. The member said that attempt failed.
Oracle did not respond to a request for comment.
