Oracle has firmly rejected accusations of a significant data breach affecting its cloud services. The tech giant issued a blunt statement to BleepingComputer, categorically denying that any Oracle Cloud systems were compromised. Period. They also insisted the credentials floating around online have nothing to do with their cloud services, and not a single customer has reported data loss or security incidents.
Pretty convenient timing, if you ask me.
Meanwhile, a hacker calling themselves “rose87168” is telling a completely different story. This cybercriminal claims they’ve swiped 6 million records from Oracle Cloud federated SSO login servers. Not exactly small potatoes. They’re hawking this alleged treasure trove on BreachForums, asking for either cash or zero-day exploits in exchange.
As proof, they uploaded a file to login.us2.oraclecloud.com and released sample database files containing what looks like legitimate LDAP information. The stolen data supposedly includes encrypted SSO passwords, Java Keystore files, and enterprise manager JPS keys. Serious stuff.
The hacker claims they’ve been inside Oracle’s systems for about 40 days. That’s longer than most people stick to their New Year’s resolutions.
CloudSEK, a cybersecurity firm that discovered the alleged breach, reports over 140,000 tenants might be affected. They suspect an undisclosed vulnerability in Oracle WebLogic servers is to blame. The threat has been rated as high severity with medium confidence.
Things got even weirder when the hacker claimed they tried to negotiate a 100,000 XMR ransom with Oracle. According to rose87168, Oracle refused to pay but asked for vulnerability details anyway. Talk about wanting something for nothing.
If true, the breach could lead to unauthorized system access, corporate espionage, and significant financial and reputational damage. This type of attack illustrates why zero trust architecture is becoming essential for organizations dealing with sensitive data. This incident is being classified as one of the biggest supply chain hacks in recent history due to its scale and potential impact.
But Oracle’s standing firm: no breach, no problem, nothing to see here. Just another day in cybersecurity theater. The company maintains its position that there has been no Oracle Cloud breach despite the extensive evidence presented by the hacker.