Oracle Cloud Breach: Hacker Threatens to Sell 6 Million Stolen Records Online


In a major cybersecurity alert, a hacker known by the alias "rose87168" has claimed responsibility for a massive Oracle Cloud breach, alleging the theft of over 6 million sensitive records. The stolen data reportedly includes Java KeyStore (JKS) files, Single Sign-On (SSO) passwords, LDAP credentials, and Enterprise Manager JPS keys, sparking serious concerns among enterprises using Oracle Cloud Infrastructure (OCI).

Hacker Threatens to Sell Oracle Cloud Data

The alleged attacker is reportedly offering the data for sale on underground hacking forums and has even threatened to extort affected organizations by demanding payment in exchange for not leaking the data. This has escalated fears of potential data leaks, financial fraud, and identity theft among users of Oracle services.

Trustwave SpiderLabs Confirms Evidence of Intrusion

Trustwave SpiderLabs, a prominent cybersecurity research team, has provided supporting evidence suggesting the breach may be genuine. Their analysis points to the possibility that the hacker exploited CVE-2021-35587, a known vulnerability in Oracle Access Manager, which may have affected systems running Oracle Fusion Middleware.

Cloud security analysts at CloudSEK have also backed these claims, highlighting that outdated software components could have been a gateway for unauthorized access to Oracle's systems.

Oracle Denies the Breach

In response to the reports, Oracle has publicly denied any breach of its cloud infrastructure, stating that the credentials shown are not associated with any live Oracle Cloud accounts and that no customer data has been compromised. The company emphasized its continued efforts to secure its cloud services and protect its customer base.

Impact: Over 140,000 Customers at Risk?

If the hacker’s claims are verified, the breach could impact more than 140,000 enterprise customers worldwide, making it one of the most significant cloud security breaches in recent years.


What Should Oracle Cloud Users Do Now?

Security Recommendations:

  • Immediately change all SSO, LDAP, and admin passwords
  • Enable multi-factor authentication (MFA) for all Oracle services
  • Audit your Oracle Cloud access logs for any suspicious activity
  • Patch all Oracle software, especially Oracle Access Manager
  • Report anomalies directly to Oracle support and stay updated on official statements