Oracle Cloud Denies It Has Been Breached

Uploaded on 2025-03-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A hacker called rose87168 has recently claimed to have stolen more than 6 million data records, including user credentials, from Oracle Cloud, which could affect more than 140,000 customers.

Now, cyber security firms are taking measures to protect customers and their own networks after claims of a massive attack against Oracle Cloud.

While the previously unknown hacked has claimed responsibility for the breach, Oracle has firmly denied it has any security issues.

Indeed, argument has intensified between Oracle and security researchers following allegations that hackers accessed this sensitive data from the company’s Cloud federated Single Sign-On (SSO) service. After initially releasing strong denials, Oracle has been silent, while security researchers have compiled evidence backing claims of an actual attack. 

These conflicting stories risk generating confusion for Oracle's customers, creating uncertainty about whether to take urgent security measures or trust the company's assurances that no breach occurred.

If Oracle is aware of any indicators connected to this incident, even without confirming a breach, the company should  provide guidance, metadata or other information that customers can use to validate potential exposure. This could include login time-stamps, user agent anomalies, or IP ranges linked to suspicious access. Meanwhile, cyber security providers are assessing the potential impacts across their networks and advising customers to take precautionary measures until Oracle can deliver clear guidance.

When there's a lack of information or delayed communication, it becomes increasingly difficult for potentially vulnerable users to react in time to protect themselves. Incidents like this demonstrate just how, with  modern technology supply chains, risks don't arise from from technical vulnerabilities, they  also arise from the speed at which they are able to respond.

@rose87168   |   Bleeping Computer   |   CyberSecurityDive   |   Computing  |   Dark Reading   |   CloudSEK  |  

SOC Radar

Image: Ideogram

You Might Also Read: 

CISA Finds Serious Problems In Oracle & Mitel Systems:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Half of Employees Use Shadow AI 
Elon Musk Has Sold X To His xAI Company »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

YL Ventures

YL Ventures

YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

Fenix24

Fenix24

Fenix24 is an industry leader in the incident-response space. We ensure the fastest response, leading to the full restoration of critical infrastructure, data, and systems.

Ghost Security

Ghost Security

Ghost is a venture backed, product-led startup building the new standard in application security for the modern enterprise.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Servadus

Servadus

Servadus help organizations with their cybersecurity and compliance programs through management and sustainability, consulting, and assessing.