vps交流

甲骨文被盗号了-SR找回


本帖最后由 mzt1988 于 2024-8-7 15:15 编辑

原始邮箱一直收不到重置密码的邮件,然后注册了SR,提交了SR发现我的邮箱都被改了,这牛逼。不记得这个号之前是不是用过API刷过机器了。这么一看,之前的死的账户可能也是盗了,慢慢找吧。

还有个被封的账户是账户一直在SR无权限,重置密码成功后,登录账户还是密码错误

Hello Amsterdam –

We reviewed your tenancy. It looks like your tenancy is compromised. User has changed your email address in both domains ( default and OracleIdentityCloudService). Hence, you are not able to login or reset your password.

Our plan is to create new user and grant him administrator role in your Default domain. This way, you can login and clean up users and resources created. For this purpose, we need your alternative email address and make sure that you have access to the email. If you do not have alternative email, you can quickly create new email account and share below email.
=============

In accordance with Oracle’s Security Policy, we require an authorization email from a named User, using the Account’s email address, authorizing us to create the following User as an Account Administrator on your environment(s). Thank you for your understanding and compliance in this matter.

This authorization email must be sent by the authorization provider from the Sold To party (End User) domain email account i.e. abc@companyname.com, instead of personal accounts such as gmail.com;
The authorization email cannot come from the User that will be set as Admin (ideally, it should come from the present Administrator);
The attachment format must be in email/message format (.msg, .EML, .pdf), not a screenshot.

Here is the example information:

Subject of email: Add admin request.

Email body:

I authorize Oracle Support to create the following User as <ROLE> (Account Administrator OR Domain Administrator OR Order Activator) on my Cloud Account.

Tenancy name: a%%%
Full Name: <First Name> <Last Name>
Email:
Role: Account Administrator & Identity administrator
SR#: ####
IDCS GUID:####

Please attach above authz email in .msg or PDF format to the SR.
============

Please note: Please send above email from new admin’s email address to old admin email address (Amsterxxm@pingxxxxle.onmicrosoft.com). Old admin has to send "approved"/"approval" email as response. Then, attach this email to the SR for processing the request.

没搞懂,这段时间为什么那么多人都觉得是被盗了,那么复杂的密码,怎么盗?攻破甲骨文的安防系统更是不可能。

那么有没有更可能的情况发生,就是你的号被封了

sxlcolin 发表于 2024-8-7 15:12
没搞懂,这段时间为什么那么多人都觉得是被盗了,那么复杂的密码,怎么盗?攻破甲骨文的安防系统更是不可能 …

API泄露,另外据说之前甲骨文账户有过泄露,

甲骨文不是有验证程序吗,还会被盗?