Oracle Cloud Now Admits To Having Been Hacked

Uploaded on 2025-04-05 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Following an initial denial, Oracle has now admitted to customers that a hacker broke into a computer system and stole ‘old’ client log-in credentials after breaching a legacy environment last used in 2017. 

However, while Oracle told customers that this is ‘old’ legacy data and that it is not sensitive, the threat actor behind the attack has posted new data from 2025 on a hacking forum. 

Now, Oracle has told clients that it has called in the leading cyber security firm, CrowdStrike, who are investigating the incident.

Another security firm, CybelAnglel, first revealed that Oracle told clients that an attacker who gained access to the company's Gen 1, which is also known as Oracle Cloud Classic, servers as early as January 2025 used a 2020 Java exploit to deploy a web shell and additional malware.

During the breach, detected in late February, the attacker, known as @rose87168, allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.

This comes after a threat actor placed 6 million data records for sale on a Dark Web criminal forum on March 20th 2025 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the data was legitimate, all of them apparently stolen from Oracle Cloud's federated SSO login servers.

Oracle continued to deny this, even after an archived URL showed that the threat actor uploaded a file containing their email address to one of Oracle's servers. Indeed, Oracle has consistently denied reports of a breach in Oracle Cloud since the incident surfaced and this is correct, to the extent that the breach was confined to an obsolescent platform, Oracle Cloud Classic.

The breach of an outdated platform has certainly had consequences for current users,  and Oracle has now confirmed a breach of Oracle Health, which affected US healthcare organisations and hospitals. Oracle Health said it detected the breach of legacy data migration servers on February 20, 2025, and that the attackers used compromised customer credentials to penetrate these servers sometime after January 22, 2025.

This high profile breach is the latest example of the risk to identity and access information, even when hosted by the most experienced cloud  infrastructure providers. 

Bloomberg   |   Bleeping Computer   |  Cybelangel     |   Reuters   |   Tech Market Review   |  Security Week 

Image: Ideogram

You Might Also Read: 

Five Best Practices For Secure & Scalable Cloud Migration:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« President Trump Fires National Security Agency Chief

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Netacea

Netacea

Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

RealTyme

RealTyme

RealTyme is a secure communication and collaboration platform with privacy and human experience at its core.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

Texaport

Texaport

Texaport's vision is to be the trusted partner of choice for organisations seeking comprehensive IT management and cutting-edge security solutions.

Emantra

Emantra

Emantra specialises in the enablement of Secure Cloud services through it’s comprehensive Sovereign Cloud Hosting, Secure Access Service Edge, and managed services.