Notorious cybercrime group ShinyHunters has claimed to have hacked Oracle PeopleSoft servers from more than 100 organizations, most of them universities, a ShinyHunters member told TechCrunch on Wednesday. The breach was first reported by BleepingComputer.
PeopleSoft is enterprise software designed to manage payroll, human resources, administration, and other business operations.
According to the news, despite being one of the most prominent and active cybercrime groups today, ShinyHunters has not slowed down and has turned large-scale hacking into a specialty. The group’s modus operandi is to find vulnerabilities in popular software so they can compromise many victims at once.
“Student, applicant, financial aid, immigration, health, and administrative data has been compromised,” a message sent by the hacker to one of the victims read. Hackers claimed to have stolen student records including home addresses, phone numbers, emails and dates of birth.
The hackers added that most of the targeted schools had already been compromised in previous, unrelated campaigns.
The group’s original goal was to compromise FBI PeopleSoft servers. The goal was to post a statement denying that ShinyHunters was behind a series of swatting attempts that the FBI warned about last month. Member said that attempt was unsuccessful.
Oracle did not respond to a request for comment.
