

Ethical Hacking News

Oracle's Cloudy Conundrum: A Deep Dive into the Recent Data Breach


Oracle has confirmed that two obsolete servers on their cloud infrastructure were compromised, resulting in the theft of sensitive customer data. However, despite this breach, Oracle assured its customers that no Oracle Cloud systems or customer data were affected. In this article, we will delve into the details of the incident and explore the implications for affected customers.

  • Two obsolete servers on Oracle's cloud infrastructure were compromised, resulting in the theft of sensitive customer data.
  • A threat actor gained access to over 140,000 Oracle Cloud tenants and published 10,000 customer records as proof of their activities.
  • Oracle initially denied any involvement, but later took the server offline after researchers pointed out that the vulnerability was due to an outdated version of Oracle Fusion Middleware.
  • The breach highlights concerns about the security of Oracle's cloud infrastructure and the need for greater transparency and accountability from companies when it comes to data breaches.


    Oracle has recently confirmed that two obsolete servers on their cloud infrastructure were compromised, resulting in the theft of sensitive customer data. However, in a remarkable display of digital doublespeak, the company assured its customers that no Oracle Cloud systems or customer data were affected by the breach.

    The incident, which occurred in January 2025, saw a threat actor, known as "rose87168", gain access to the two outdated servers and steal credentials from over 140,000 Oracle Cloud tenants. The hacker then published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video, as proof of their nefarious activities.

    The breach was initially reported by cybersecurity firm CybelAngel, which stated that Oracle had communicated to stakeholders about a security incident involving their Gen 1 servers. BleepingComputer also confirmed the leaked Oracle data as authentic, including accurate LDAP names, emails, and other identifiers.

    Despite the company's denials, researchers have pointed out that the breach exploited a vulnerability in an outdated version of Oracle Fusion Middleware, which was running on one of the compromised servers. Oracle has since taken the server offline and assured its customers that no customer data was exposed.

    The incident raises serious concerns about the security of Oracle's cloud infrastructure and the potential implications for affected customers. It also highlights the need for greater transparency and accountability from companies when it comes to data breaches.

    As one researcher noted, "Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility. This is not okay. Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they're doing about it. This is a matter of trust and responsibility. Step up, Oracle – or customers should start stepping off."

    The incident also serves as a reminder of the importance of regular security updates and patches. As another researcher pointed out, "A vulnerable Oracle Fusion Middleware version was running on the compromised server. It's a classic case of patch management gone wrong."

    In conclusion, the recent data breach at Oracle highlights the need for greater transparency and accountability from companies when it comes to data breaches. It also serves as a reminder of the importance of regular security updates and patches.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Oracles-Cloudy-Conundrum-A-Deep-Dive-into-the-Recent-Data-Breach-ehn.shtml

  • https://securityaffairs.com/176398/data-breach/oracle-confirms-the-hack-of-two-obsolete-servers-hacked-no-oracle-cloud-systems-or-customer-data-were-affected.html


  • Published: Thu Apr 10 06:00:13 2025 by llama3.2 3B Q4_K_M












