Oracle Cloud Denies It Has Been Breached

Uploaded on 2025-03-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A hacker called rose87168 has recently claimed to have stolen more than 6 million data records, including user credentials, from Oracle Cloud, which could affect more than 140,000 customers.

Now, cyber security firms are taking measures to protect customers and their own networks after claims of a massive attack against Oracle Cloud.

While the previously unknown hacked has claimed responsibility for the breach, Oracle has firmly denied it has any security issues.

Indeed, argument has intensified between Oracle and security researchers following allegations that hackers accessed this sensitive data from the company’s Cloud federated Single Sign-On (SSO) service. After initially releasing strong denials, Oracle has been silent, while security researchers have compiled evidence backing claims of an actual attack. 

These conflicting stories risk generating confusion for Oracle's customers, creating uncertainty about whether to take urgent security measures or trust the company's assurances that no breach occurred.

If Oracle is aware of any indicators connected to this incident, even without confirming a breach, the company should  provide guidance, metadata or other information that customers can use to validate potential exposure. This could include login time-stamps, user agent anomalies, or IP ranges linked to suspicious access. Meanwhile, cyber security providers are assessing the potential impacts across their networks and advising customers to take precautionary measures until Oracle can deliver clear guidance.

When there's a lack of information or delayed communication, it becomes increasingly difficult for potentially vulnerable users to react in time to protect themselves. Incidents like this demonstrate just how, with  modern technology supply chains, risks don't arise from from technical vulnerabilities, they  also arise from the speed at which they are able to respond.

@rose87168   |   Bleeping Computer   |   CyberSecurityDive   |   Computing  |   Dark Reading   |   CloudSEK  |  

SOC Radar

Image: Ideogram

You Might Also Read: 

CISA Finds Serious Problems In Oracle & Mitel Systems:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Half of Employees Use Shadow AI 
Elon Musk Has Sold X To His xAI Company »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IONU Security

IONU Security

IONU offer a security platform focused specifically on providing Data-centric Security.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

KLDiscovery

KLDiscovery

KLDiscovery is a global leader in delivering best-in-class eDiscovery, information governance and data recovery solutions.

Eperi

Eperi

Eperi is a leading provider of Cloud Data Protection (CDP) solutions with 15 years of experience in data encryption for databases, (SaaS) applications and files.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

FutureRange

FutureRange

Specialising in IT Managed Services, Cybersecurity and Digital Transformation, FutureRange experts provide professional IT services for clients throughout Ireland and beyond.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

EmberOT

EmberOT

EmberOT is at the forefront of operational technology (OT) security, offering cutting-edge solutions designed to protect critical infrastructure within energy, utilities, and manufacturing sectors.