Excerpt from an article in The Register, published on Mar 23, 2025.

Oracle has strongly denied claims that its Cloud platform was breached after a hacker, going by the alias rose87168, alleged that they had stolen sensitive Oracle Cloud data. The cybercriminal posted on a dark web forum, claiming to have obtained security keys, encrypted passwords, and confidential credentials from Oracle Cloud’s login servers.

According to the hacker, they accessed at least one Oracle Cloud SSO server—login.us2.oraclecloud.com—by exploiting a vulnerability. They even uploaded a text file to an Oracle Cloud login server as supposed proof of the breach. However, Oracle quickly dismissed these allegations, stating, “There has been no breach of Oracle Cloud.” The company also clarified that the leaked credentials were not related to Oracle Cloud customers and that no user data was compromised. Cybersecurity experts have speculated that an unpatched Oracle Cloud server running Oracle Fusion Middleware 11G might have been exploited through CVE-2021-35587, a critical vulnerability in Oracle Access Manager’s OpenSSO Agent. If left unpatched, this flaw could allow unauthorized access to Oracle Cloud’s sensitive data.

The hacker further claimed to have stolen six million records belonging to Oracle Cloud customers, including Java KeyStore files, SSO passwords, LDAP credentials, and Enterprise Manager keys. They allegedly contacted Oracle a month ago, demanding over $200 million in cryptocurrency in exchange for details about the breach. After Oracle refused, the data was put up for sale on BreachForums, with the hacker even offering companies the option to pay to remove their data from the leak. While Oracle continues to insist that its Cloud remains secure, this controversy underscores the persistent cybersecurity threats facing Cloud providers. Whether Oracle Cloud was actually breached or not, the allegations raise concerns about security vulnerabilities and the risks of unpatched systems.

To delve deeper into this topic, please read the full article on The Register.