Oracle Notifies Customers Following Data Breach Allegedly Involving Cloud Credentials

134/68 Tuesday, April 8, 2025

Oracle has confirmed a data breach incident and has begun privately notifying affected customers. While the company appears to be downplaying the severity of the breach, a hacker going by the alias rose87168 claims to have accessed millions of records from Oracle Cloud, including encrypted credentials for over 140,000 users. The attacker has published samples of over 10,000 records, along with files allegedly tied to Oracle Cloud access and internal company videos as proof of the breach.

The hacker initially demanded a $20 million ransom from Oracle but later shifted to offering the stolen data for sale or in exchange for zero-day vulnerabilities. Oracle has denied the claims, stating that “there has been no breach of Oracle Cloud, and the leaked credentials are not related to our services.” However, independent sources such as BleepingComputer and CloudSEK have verified the legitimacy of the leaked data, including LDAP directories, internal emails, and matching system information. Reports also indicate that a vulnerable version of Oracle Fusion Middleware was running on one of the compromised servers, which has since been taken offline.

The FBI and cybersecurity firm CrowdStrike are currently investigating the breach. While Oracle insists the incident does not affect its active cloud services, security experts—such as Kevin Beaumont—have expressed concern about Oracle’s communication, pointing out that distinguishing between “Oracle Cloud” and “Oracle Classic” may confuse customers. Beaumont and others have urged the company to be more transparent, especially since customer trust and accountability are at stake. Oracle claims the affected systems were outdated and inactive, but sources told Bloomberg that some of the compromised credentials date back to 2024, raising questions about the extent of the breach.

Source: https://securityaffairs.com/176278/data-breach/oracle-privately-notifies-cloud-data-breach-to-customers.html