Oracle TikTok Data Security Allegations

With no word from Oracle yet (where are the Cybersecurity and Infrastructure Security Agency, Security Exchange Commission, and Federal Trade Commission in urging this?) Rose87168 is indicating they are moving to a new phase, potentially selling or leaking the data. Pretty crazy Oracle just denied this leak which has been verified independently by many cybersecurity firms. Given Oracle’s lack of response and the absence of immediate guidance from a regulatory body, I advise following the guidance provided by CloudSEK: 1). Immediate Credential Rotation: Change all SSO, LDAP, and associated credentials, ensuring strong password policies and MFA enforcement. 2). Incident Response & Forensics: Conduct a thorough investigation to identify potential unauthorized access and mitigate further risks. 3). Threat Intelligence Monitoring: Continuously track dark web and threat actor forums for discussions related to the leaked data.

Coming out of SXSW talking on the topic of "Social Platform Cyber Defensive Operations" this week,  I saw this impressive interview that  I found to be a great use of my time. So…. If you have 20 minutes AND you want a better explanation of how TikTok US Data Security (USDS- the entity that was built to National Security Standards for protecting US citizens on TikTok) works.  Check this out. It is the most detailed and-in-one-place-piece that I have seen a public explanation of the facts around how TikTok US user data is protected.  From the implementation of a separate organization with employees that are US citizens on US Soil and in 2 other 5 Eyes (FVEY) countries (UK and Australia), to the managed technical oversight and operation in US owned datacenters (Oracle Cloud), and the oversight of 3 external independent assessors, Mandiant (part of Google Cloud), HaystackID, and OnDefend; this video gives details.  Well done Andy Bonillo (former USSS Cyber Agent & Federal LEO) for opening up your operations, discussing the facts, and being transparent. https://lnkd.in/ekRuxZqy #trustthroughtransparency #cybersecurity #tiktokusds #cyber #ciso #riskmanagment 

𝗢𝗿𝗮𝗰𝗹𝗲 𝘀𝗲𝗻𝘁 𝘀𝗵𝗼𝗰𝗸𝘄𝗮𝘃𝗲𝘀 𝗹𝗮𝘀𝘁 𝘄𝗲𝗲𝗸 𝗯𝘂𝘁 𝗵𝗲𝗿𝗲’𝘀 𝘄𝗵𝗮𝘁 𝗺𝗼𝘀𝘁 𝗽𝗲𝗼𝗽𝗹𝗲 𝗺𝗶𝘀𝘀. Oracle started with a bet on relational databases— and as the main challenger to SAP in ERP. When cloud took off in the 2000s, Larry Ellison was a skeptic. But he changed course when the evidence became undeniable. Unlike SAP, Ellison pushed vertical integration. Competing head-on with hyperscalers—what many called suicide. A key piece? Cloud High-Performance Computing. Oracle’s 2009 Sun Microsystems acquisition gave it GPU and networking expertise. By 2020, it was among the first to deploy Nvidia A100s. And when AI exploded, Oracle was already waiting with the keys. Ellison struck a bold 15-year deal with Crusoe—then a cryptominer. A “genius play” that secured huge AI contracts. Since 2023, Oracle has been the largest U.S. data center lessor, locking in over 2 GW with 10+ year contracts. The OpenAI Stargate JV and $300B deal flowed from these moves. But the most overlooked story? It’s not OpenAI. It’s ByteDance. When the US had security concerns over TikTok’s data usage, ByteDance turned to Oracle to manage their US cloud business. TikTok’s parent is now Oracle’s biggest GPU customer. This partnership built Johor, Malaysia into the world’s 2nd-largest AI hub! The lesson: sometimes the biggest growth drivers aren’t the ones everyone’s watching. 🔖 Curious for more overlooked insights? Subscribe to my newsletter: https://lnkd.in/eiv5a3tT 📷: Semianalysis