Oracle Confirms Security Flaw Behind Mass Hack of 100+ Organizations

Oracle has disclosed a security vulnerability in its PeopleSoft software that a cybercrime gang has been actively exploiting to break into organizations around the world, according to TechCrunch.

The hacking group ShinyHunters claims to have compromised PeopleSoft servers belonging to more than 100 organizations, including a number of universities, according to TechCrunch's earlier reporting. PeopleSoft is widely used enterprise software for managing human resources, finances, and student records—making the data stored on those servers especially sensitive.

Oracle warned customers of the security bug after the gang said it was using the flaw as part of a mass-hacking campaign, according to TechCrunch. Google separately said it had notified more than 100 organizations that had potentially vulnerable servers exposed.

The incident follows a pattern of large-scale attacks targeting enterprise software with a broad install base—once a single vulnerability is found, hackers can automate attacks across every organization running the same unpatched system. Universities and large institutions that rely on PeopleSoft for sensitive student and employee data are particularly at risk.

For the millions of people whose data sits inside these systems, the breach is a reminder that even well-established enterprise software from a major vendor like Oracle can become a master key for attackers—one flaw, exploited quickly, can unlock dozens of organizations at once.