Need Help - Compromised account

Hey all!

So today I found email(s) saying that my Oracle Cloud account information was changed. So I started reacting to it and digging more.

The first thing I noticed is that the attacker fully disabled my Service Admin account, which had 2FA set up using a YubiKey, and even phone number recovery. Please do not tell me I should have used a stronger password when I'm using a randomly generated password from the key vault with a minimum length of 64 characters that are alphanumeric and contain a minimum of 5 numbers and 5 special characters in the string.

In the end, I have 4 emails showing actions done by the attackers:

* The password for the domain default account was updated without my consent
* The domain default email address for my domain was updated
* Received a verification email from Oracle to verify my email for the domain
* Deactivation of my domain default account

After these actions, I cannot proceed with anything; I can't log in or do anything with it. I was using a free tier with an ARM server that was running 24/7, which seems to have withstood the attacks, even though there was a long, long list of attacks from different locations (Korea, Sweden, USA, Spain, etc.) on sshd, by brute-force attacks, FTP user attacks, etc. Since I still had access to the virtual server, I bricked it by fully removing everything that I could, which made the system unusable and unrecoverable, even SSH, so the system had to be destroyed by any means.

In the end, I am trying to get the account recovered, because I can provide the information for the default domain account user and the credit card used to verify to receive the trial, but I am having extreme difficulty setting up a support account and actually getting in contact with support. The least I can do, if they don't wish to proceed with recovery, is to fully nuke the domain and everything on it.

Any help would be appreciated.

Posted
1 year ago