The notorious cybercrime group ShinyHunters has claimed to have breached Oracle PeopleSoft servers at over 100 organizations, including universities and other educational institutions. The attacks, which were first reported by BleepingComputer, involve the exploitation of a "gadget chain" of old and zero-day vulnerabilities in the enterprise software suite.

What Happened

According to ShinyHunters, their initial goal was to breach an FBI portal running PeopleSoft to publish a statement denying involvement in a wave of swatting attempts flagged by the FBI. However, this attempt failed, and the group instead turned its attention to other organizations using PeopleSoft. The attacks have resulted in the theft of sensitive information, including student records, from over 100 organizations.

Nottingham University has confirmed that it was a victim of one of these attacks, with ShinyHunters publishing the university's data on their leak site. The university has publicly acknowledged the incident and is working to mitigate any potential harm caused by the breach.

Netbilling

Background and Context

PeopleSoft is an enterprise software suite used by large organizations to manage business operations, including human resources, payroll, finance, supply chain management, procurement, and student administration. The software is widely used in the education sector, with many universities relying on it to manage student records and other administrative tasks.

ShinyHunters has been linked to several high-profile data breaches in recent months, including a breach at Wynn Resorts in September 2025 that exposed the personal identifiable information of over 800,000 employees. The group's modus operandi involves exploiting vulnerabilities in popular software suites and demanding payment from organizations to prevent the publication of stolen data.

Why it Matters

The ShinyHunters breach highlights the ongoing threat posed by cybercrime groups to large-scale enterprise systems. The exploitation of vulnerabilities in PeopleSoft and other software suites can have significant consequences for organizations, including reputational damage, financial losses, and regulatory fines.

In the context of the adult industry, this breach serves as a reminder of the importance of robust cybersecurity measures and regular vulnerability assessments. Adult-industry platforms and operators must remain vigilant in protecting against cyber threats and ensuring the security of sensitive information.

What Comes Next

The ShinyHunters breach has sparked concerns about the potential for further attacks on enterprise systems. Oracle has not publicly commented on the breach, but cybersecurity researchers have identified several exposed online directories containing tooling related to the attack.

Organizations using PeopleSoft are advised to review logs for connections from the identified IP addresses and assess potential exposure. The incident serves as a reminder of the importance of robust cybersecurity measures and regular vulnerability assessments in protecting against cyber threats.

Key Facts

  • ShinyHunters has claimed to have breached Oracle PeopleSoft servers at over 100 organizations, including universities and other educational institutions.
  • The attacks involve the exploitation of a "gadget chain" of old and zero-day vulnerabilities in the enterprise software suite.
  • Nottingham University has confirmed that it was a victim of one of these attacks, with ShinyHunters publishing the university's data on their leak site.
  • The breach highlights the ongoing threat posed by cybercrime groups to large-scale enterprise systems.
  • Organizations using PeopleSoft are advised to review logs for connections from the identified IP addresses and assess potential exposure.

In conclusion, the ShinyHunters breach serves as a reminder of the importance of robust cybersecurity measures and regular vulnerability assessments in protecting against cyber threats. Adult-industry platforms and operators must remain vigilant in protecting sensitive information and ensuring the security of their systems.