Oracle Cloud Breach Rumors Soar as Hacker Posts ‘Proof’


Oracle has firmly denied allegations of a cloud breach after a hacker claimed to possess millions of sensitive records allegedly stolen from Oracle Cloud systems.

The hacker, known online as ‘rose87168’, recently surfaced on a well-known hacking forum, offering data supposedly linked to over 140,000 Oracle Cloud tenants. The threat actor claimed access to a massive trove—six million lines of data, including SSO (Single Sign-On) and LDAP (Lightweight Directory Access Protocol) passwords.

However, the hacker quickly admitted that the stolen passwords were fully encrypted and cracking them proved impossible.

Cloud Security Experts Suggest Possible Exploit Behind the Claims

Cybersecurity experts from CloudSEK, who reviewed the hacker’s claims, suggested the breach might have stemmed from exploiting a known Oracle vulnerability. One potential weak spot is CVE-2021-35587, a critical flaw affecting Oracle Fusion Middleware—a product widely used in enterprise environments.

Despite this possibility, Oracle has strongly pushed back, denying any Oracle Cloud breach or compromise of customer data.

“There has been no breach of Oracle Cloud. The credentials posted online do not belong to Oracle Cloud, and no Oracle Cloud customer has suffered any data loss,” an Oracle spokesperson said in a statement on Monday.

Hacker Tries to Prove Cloud Access with Dubious Evidence

Unwilling to back down, the hacker escalated the situation by posting on the X platform (formerly Twitter), sharing a link that allegedly proved access to Oracle Cloud systems. The evidence was a simple text file containing the hacker’s email address, which had been uploaded to Oracle’s systems.

Although the file was promptly removed, the Wayback Machine preserved a snapshot of it, timestamped March 1.

Yet, security experts remain skeptical. The file upload, while concerning, doesn’t confirm deep access or a successful breach of Oracle Cloud’s core infrastructure.

Real Breach or Elaborate Hoax? Experts Weigh In

As the debate rages on, several possibilities are being considered. Some cybersecurity analysts believe that if any breach occurred, it might have involved a third-party service connected to Oracle rather than Oracle Cloud itself.

There’s also the lingering possibility that the entire data leak is fabricated. Security professionals regularly encounter situations where hackers exaggerate their access or leverage minimal penetration to sell the illusion of a breach.

Fabricated leaks and social engineering stunts are common in hacking circles, designed to lure buyers or stir panic.

Final Thoughts

While Oracle maintains its stance that Oracle Cloud remains secure, the situation underscores the constant threats facing cloud service providers. The incident serves as a reminder for businesses to prioritize cloud security, regularly patch vulnerabilities, and monitor third-party access to prevent potential breaches.

For now, Oracle customers can rest assured—no verified data loss has occurred, and Oracle continues to stand by the security of its cloud services.
