Oracle Cloud Denies It Has Been Breached

Uploaded on 2025-03-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A hacker called rose87168 has recently claimed to have stolen more than 6 million data records, including user credentials, from Oracle Cloud, which could affect more than 140,000 customers.

Now, cyber security firms are taking measures to protect customers and their own networks after claims of a massive attack against Oracle Cloud.

While the previously unknown hacked has claimed responsibility for the breach, Oracle has firmly denied it has any security issues.

Indeed, argument has intensified between Oracle and security researchers following allegations that hackers accessed this sensitive data from the company’s Cloud federated Single Sign-On (SSO) service. After initially releasing strong denials, Oracle has been silent, while security researchers have compiled evidence backing claims of an actual attack. 

These conflicting stories risk generating confusion for Oracle's customers, creating uncertainty about whether to take urgent security measures or trust the company's assurances that no breach occurred.

If Oracle is aware of any indicators connected to this incident, even without confirming a breach, the company should  provide guidance, metadata or other information that customers can use to validate potential exposure. This could include login time-stamps, user agent anomalies, or IP ranges linked to suspicious access. Meanwhile, cyber security providers are assessing the potential impacts across their networks and advising customers to take precautionary measures until Oracle can deliver clear guidance.

When there's a lack of information or delayed communication, it becomes increasingly difficult for potentially vulnerable users to react in time to protect themselves. Incidents like this demonstrate just how, with  modern technology supply chains, risks don't arise from from technical vulnerabilities, they  also arise from the speed at which they are able to respond.

@rose87168   |   Bleeping Computer   |   CyberSecurityDive   |   Computing  |   Dark Reading   |   CloudSEK  |  

SOC Radar

Image: Ideogram

You Might Also Read: 

CISA Finds Serious Problems In Oracle & Mitel Systems:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Half of Employees Use Shadow AI 
Elon Musk Has Sold X To His xAI Company »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

4ARMED

4ARMED

4ARMED services cover the end-to-end experience of securing modern software, from design and build through to deploy and test.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

Cambridge Intelligence

Cambridge Intelligence

Cambridge Intelligence are experts in network visualization and finding hidden trends in complex connected data. Applications include cybersecurity.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

CyRise

CyRise

CyRise is a venture accelerator focused squarely on early stage cyber security startups.

itbox.online

itbox.online

Itbox.online offers IT solutions to ensure that your company's technologies are always available and secure as your business demands.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

Cyber Security Canada

Cyber Security Canada

Cyber Security Canada is an accredited Certification Body for government-backed Cyber Security Certification Programs, designed specifically for small and medium-sized Canadian businesses.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.

Validia

Validia

Validia is a deepfake cybersecurity service that provides proactive and reactive defense to the deepfake threat enterprises increasingly face with the rapid growth of generative AI.

Business Communications Inc (BCI)

Business Communications Inc (BCI)

BCI is a leading technology company known for its exceptional team of experienced engineers with a focus on providing top-notch technology and security products and services.