Ethical Hacking News
Oracle has denied a breach after a hacker claimed it had stolen six million data records from its cloud services. The incident raises concerns about cloud security and the potential risks associated with sensitive information being compromised.
Oracle has denied a hacker's claim that it stole six million data records from its Oracle Cloud federated SSO login servers. A threat actor called rose87168 claimed to have accessed the platform and shared sample data, including LDAP information and company lists affected by the breach. Oracle states that published credentials were not for the cloud service and no customers experienced breaches or data loss. The alleged breach raises concerns about cloud security measures and the risks associated with sensitive information being compromised.
Oracle has denied any breach of its cloud services following a hacker's claim that it had stolen six million data records from the company's Oracle Cloud federated SSO login servers. The incident, which was reported on March 21, 2025, has raised concerns about the security of cloud-based systems and the potential for sensitive information to be compromised.
According to reports, a threat actor known as rose87168 claimed that it had accessed Oracle Cloud's SSO platform and stolen large quantities of data. The hacker shared a sample database, LDAP information, and a list of companies that they claimed were affected by the breach. Additionally, the threat actor provided a URL showing an Internet Archive link to a .txt file containing their ProtonMail email address on one of the Oracle Cloud servers.
However, in response to these claims, Oracle has stated that there was no breach of its cloud services. The company's statement notes that the published credentials were not for the Oracle Cloud and that no Oracle Cloud customers experienced any breaches or data loss. Furthermore, Oracle emphasized that it had taken steps to secure its systems and protect customer data.
The alleged breach raises questions about the security measures in place at cloud service providers and the potential risks associated with sensitive information being compromised. It also highlights the importance of cybersecurity awareness and the need for companies to take proactive steps to protect their data.
Rose87168, the threat actor responsible for claiming the breach, has offered to sell the allegedly stolen data on the BreachForums hacking forum. The hacker claims that the data includes encrypted SSO passwords, Java Keystore (JKS) files, key files, and enterprise manager JPS keys, which were stolen after hacking into 'login.(region-name).oraclecloud.com' Oracle servers.
The threat actor stated that they gained access to Oracle Cloud servers around 40 days ago and claimed to have emailed the company after exfiltrating data from the US2 and EM2 cloud regions. However, in response to Oracle's denial of the breach, the hacker reportedly refused to provide any further information about the breach or how it occurred.
The incident has sparked concerns among cybersecurity experts and customers alike. Many are calling for increased transparency and security measures at cloud service providers, as well as greater awareness about the potential risks associated with sensitive information being compromised.
In response to these concerns, Oracle has emphasized its commitment to protecting customer data and securing its systems. The company has also provided additional information about its cybersecurity measures and the steps it is taking to address the alleged breach.
As the situation continues to unfold, one thing is clear: the alleged breach of Oracle Cloud's SSO platform highlights the importance of prioritizing cybersecurity awareness and taking proactive steps to protect sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/Oracle-Denies-Alleged-Breach-After-Hacker-Claims-Theft-of-6-Million-Data-Records-ehn.shtml
https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/
https://cybersecuritynews.com/hackers-claim-leak-of-oracle-data/
Published: Fri Mar 21 16:15:03 2025 by llama3.2 3B Q4_K_M
