The Washington Post confirmed it was compromised in a massive hacking campaign exploiting weaknesses in Oracle’s widely-used business software suite. This revelation follows reports from security researchers and Google Cloud that ransomware gang Clop had been targeting over 100 companies using Oracle E-Business Suite, gaining access to sensitive customer data and employee records since late September.
The vulnerability stemmed from unpatched flaws within the platform, which businesses rely on for tasks ranging from human resources management to financial operations. Google first alerted users about the exploitation in early October, noting that Clop had leveraged these vulnerabilities to steal information from numerous companies. Victims began receiving extortion messages claiming vast troves of sensitive business and personal data were stolen, with some demands reaching as high as $50 million.
Clop, known for its aggressive tactics, explicitly named The Washington Post on its website last Thursday. The gang typically calls out victims who refuse to pay ransoms, further pressuring organizations into negotiations. In this case, Clop’s public statement indicated that the newspaper had not succumbed to their demands.
Oracle responded to these disclosures with two security advisories but declined to directly address questions from TechCrunch about the extent of the breach or specific details regarding the vulnerabilities exploited by Clop. The Washington Post also remained largely tight-lipped, offering only a brief confirmation of its involvement in the larger incident without further elaboration.
This widespread attack underscores the critical importance of keeping software patched and regularly reviewing security protocols, particularly for mission-critical business applications like Oracle E-Business Suite. As cyberattacks become increasingly sophisticated, organizations face mounting pressure to bolster their defenses against vulnerabilities that can have devastating consequences for both data privacy and operational integrity.
