Oracle Cloud Now Admits To Having Been Hacked

Following an initial denial, Oracle has now admitted to customers that a hacker broke into a computer system and stole ‘old’ client log-in credentials after breaching a legacy environment last used in 2017. 

However, while Oracle told customers that this is ‘old’ legacy data and that it is not sensitive, the threat actor behind the attack has posted new data from 2025 on a hacking forum. 

Now, Oracle has told clients that it has called in the leading cyber security firm, CrowdStrike, who are investigating the incident.

Another security firm, CybelAngel, first revealed that Oracle told clients that an attacker who gained access to the company's Gen 1 servers (also known as Oracle Cloud Classic) as early as January 2025 used a 2020 Java exploit to deploy a web shell and additional malware.

During the breach, detected in late February, the attacker, known as @rose87168, allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.

This comes after a threat actor placed 6 million data records for sale on a Dark Web criminal forum on March 20th 2025 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the data was legitimate, all of them apparently stolen from Oracle Cloud's federated SSO login servers.

Oracle continued to deny this, even after an archived URL showed that the threat actor uploaded a file containing their email address to one of Oracle's servers. Indeed, Oracle has consistently denied reports of a breach in Oracle Cloud since the incident surfaced, and this is correct to the extent that the breach was confined to an obsolescent platform, Oracle Cloud Classic.

The breach of an outdated platform has certainly had consequences for current users, and Oracle has now confirmed a breach of Oracle Health, which affected US healthcare organisations and hospitals. Oracle Health said it detected the breach of legacy data migration servers on February 20, 2025, and that the attackers used compromised customer credentials to penetrate these servers sometime after January 22, 2025.

This high-profile breach is the latest example of the risk to identity and access information, even when hosted by the most experienced cloud infrastructure providers.

Bloomberg | Bleeping Computer | CybelAngel | Reuters | Tech Market Review | Security Week

Image: Ideogram
