OCI = Oracle Cloud Infrastructure (not Open Container Initiative)

This is not good. Even though they fixed it quickly, there must have been multiple misses for this to be ending up in production.

i bet Clay handled this well

tl;dr

Until this was fixed, any Oracle Cloud customer could read any other Oracle Cloud customers storage volume simply by having the identifier of the volume.

Said identifier could be obtained in several ways (outlined in the article).

Issue was fixed promptly after Oracle was notified.