In a recent cybersecurity incident, a threat actor using the handle "rose87168" claimed to have gained unauthorized access to Oracle Cloud's infrastructure and to have exfiltrated six million records. The purported breach is said to affect over 140,000 businesses across various sectors. The data allegedly taken includes Java Keystore (JKS) files, encrypted Single Sign-On (SSO) passwords, key files, and Enterprise Manager Java Platform Security (JPS) keys.
Oracle's Firm Denial
Contradicting these claims, Oracle has stated unequivocally that no breach of their Oracle Cloud services has occurred. The company emphasized that the credentials publicized by the threat actor are not associated with Oracle Cloud, and no customer data has been compromised.
Investigative Insights
Cybersecurity firm CloudSEK's XVigil platform reported the alleged breach on March 21, 2025. Its findings suggest that the attacker exploited a vulnerability in Oracle's login infrastructure, specifically targeting the subdomain login.us2.oraclecloud.com. This subdomain reportedly ran an outdated version of Oracle Fusion Middleware 11G, a release known to carry critical vulnerabilities, among them CVE-2021-35587, which affects Oracle Access Manager.
While Oracle disputes the breach allegations, the situation underscores the importance of proactive cybersecurity measures. Organizations must remain vigilant, keeping their systems, and especially internet-facing authentication components, patched and up to date against emerging threats.