
Oracle hid serious data breach from customers, now hacker has it up for sale

  • March 31, 2025

Jasper_The_Rasper
Moderator

See Also - Oracle denies breach after hacker claims theft of 6 million data records

Company remains quiet since denying the attack, even after researchers conclude the breach is real

March 31, 2025 By Cal Jeffrey


In context: As sickening as it is to admit, data breaches have become a fact of life. We cannot go more than a month without one company or another announcing that a hacker or poor security hygiene left its clients exposed. As annoying as that is, it's even more irritating when the company tries to hide the intrusion.

Earlier this month, a threat actor going by Rose87168 claimed to have breached Oracle Cloud's federated SSO servers and exfiltrated around 6 million records, affecting over 144,000 Oracle clients. The hacker provided an internal customer list and threatened to sell the data unless clients paid to remove their data from the trove, which included single sign-on credentials, Lightweight Directory Access Protocol passwords, OAuth2 keys, tenant data, and more. Rose87168 has also solicited help from the hacking community to crack the hashed passwords in trade for some of the data.

A day after the threat actor posted a small sample of the data, Oracle told Bleeping Computer there was no breach of its cloud service. Upon Oracle's denial, Rose87168 began leaking "proof" to the media and security researchers. Security group Hudson Rock and experts at CloudSEK concluded that the data and credentials are legitimate.

>>Full Article<<


Jasper_The_Rasper
Moderator

Oracle privately confirms Cloud breach to customers

April 3, 2025 By Sergiu Gatlan

Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported.

However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum.

According to Bloomberg, the company also informed clients that cybersecurity firm CrowdStrike and the FBI are investigating the incident.

Cybersecurity firm CybelAngel first revealed that Oracle told clients that an attacker who gained access to the company's Gen 1 (also known as Oracle Cloud Classic) servers as early as January 2025 used a 2020 Java exploit to deploy a web shell and additional malware.

During the breach, detected in late February, the attacker allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.

>>Full Article<<