Oracle has warned customers about a critical security vulnerability in its PeopleSoft software, widely used by large organizations for payroll and human resources management, following claims by a cybercriminal group that it exploited the flaw in a large-scale hacking campaign.

The warning came a day after the group known as “ShinyHunters” claimed responsibility for breaching more than 100 organizations using PeopleSoft server applications.

According to TechCrunch, cybersecurity firm Mandiant, a subsidiary of Google, said the newly disclosed Oracle vulnerability appears to be the same flaw allegedly exploited by ShinyHunters during the attacks.

Oracle stated that the vulnerability can be exploited remotely over the internet without requiring authentication credentials such as usernames or passwords, significantly increasing the potential risk to affected organizations.

The company has not yet released a security patch to address the issue but has advised customers to implement available mitigation measures to reduce exposure until a permanent fix becomes available.