Oracle is suing SAP for allegedly hacking into its customer-support database and stealing sensitive information that it used to lure customers from its fierce rival. The accusations center on TomorrowNow, SAP’s support-services arm, one of many third-party maintenance firms chipping away at Oracle’s high-margin, vendor-provided support for JD Edwards, PeopleSoft, Siebel, and other recent acquisitions.
Dripping with snark and venom, Oracle’s complaint is a compelling read for anyone interested in the ultracompetitive enterprise software industry.
In attacking SAP, however, Oracle often doesn’t do itself any favors. For example, Oracle maintains that TomorrowNow, with its relatively small staff, couldn’t possibly offer deep discounts on maintenance services without extensive access to pilfered proprietary information, because of “the hundreds of regulatory updates, bug fixes, patches, and other labor-intensive support items that a customer would need to maintain useful, optimally functioning Oracle software.”
The alleged manner of the theft of the inside information also raises questions about security procedures at Oracle. Thousands of documents were downloaded from support Websites, says Oracle, by SAP employees masquerading as Oracle customers. The hackers logged in using profiles that included E-mail addresses like “firstname.lastname@example.org” and phone numbers such as “777-777-7777.” Once inside, these pretenders were able to download documents far beyond the scope of the software that their purported companies were using.
This isn’t the first time that Oracle’s and SAP’s dirty laundry has been exposed. When Oracle was fighting for antitrust clearance to purchase PeopleSoft, a document dump by the DoJ provided an inside glimpse at the tactics top vendors use to lure customers, including several revealing memos on the extent of discounts they were willing to offer. There were also plenty of colorful E-mail exchanges, including Oracle boss Larry Ellison declaring that “best of breed is dead — except at dog shows,” while another Oracle executive eagerly passed on to colleagues advice on dealing with the DoJ from a “master,” the soon-to-be-incarcerated ex-CEO of Computer Associates, Sanjay Kumar.