Oracle Cloud Breach Denial Controversy
Introduction
The Oracle Cloud Breach Denial Controversy has sparked significant attention in the cybersecurity community. Despite allegations from a hacker claiming access to 6 million records from Oracle Cloud, Oracle Corporation has firmly denied any breach. This denial has raised questions about data security, unauthorized access, vulnerabilities, and incident response in cloud infrastructures.
Key Highlights
- Who: Oracle Corporation denies breach claims made by a hacker identified as 'rose87168'.
- What: A cyberattack reportedly led to the exfiltration of sensitive data from Oracle Cloud.
- When: The attack claims began in January 2025.
- Where: The hacker targeted Oracle Cloud, specifically a subdomain, login.us2.oraclecloud.com.
- Why: The hacker aimed to sell the stolen data on dark web forums.
- How: By exploiting a zero-day vulnerability in Oracle Fusion Middleware.
Insights & Analysis
CloudSEK's XVigil platform, which investigated the incident, reported the theft of 6 million records, potentially affecting over 140,000 tenants. The attack may have exploited a known vulnerability in Oracle's software, specifically CVE-2021-35587, which could lead to a complete takeover of the Oracle Cloud environment.
Oracle's response denying any breach contradicts CloudSEK's findings and the hacker's claims. If the breach is confirmed, the implications could be severe, including unauthorized access, corporate espionage, and compromised encrypted passwords.
CloudSEK has provided recommendations for affected organizations, including immediate credential rotation, thorough incident response, continuous threat intelligence monitoring, engagement with Oracle Security, and strengthening access controls.
Conclusion
The Oracle Cloud Breach Denial Controversy underscores the importance of robust cybersecurity measures in cloud environments. Organizations using Oracle Cloud should remain vigilant and proactive in their security measures to mitigate the risks of data breaches and unauthorized access.