Oracle Cloud Now Admits To Having Been Hacked

Following an initial denial, Oracle has now admitted to customers that a hacker broke into a computer system and stole ‘old’ client log-in credentials after breaching a legacy environment last used in 2017. 

However, while Oracle told customers that this is ‘old’ legacy data and that it is not sensitive, the threat actor behind the attack has posted new data from 2025 on a hacking forum. 

Now, Oracle has told clients that it has called in the leading cyber security firm, CrowdStrike, who are investigating the incident.

Another security firm, CybelAngel, first revealed that Oracle told clients that an attacker who gained access to the company's Gen 1 servers (also known as Oracle Cloud Classic) as early as January 2025 used a 2020 Java exploit to deploy a web shell and additional malware.

During the breach, detected in late February, the attacker, known as @rose87168, allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.

This comes after a threat actor placed 6 million data records for sale on a Dark Web criminal forum on March 20th 2025 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the data was legitimate, all of them apparently stolen from Oracle Cloud's federated SSO login servers.

Oracle continued to deny this, even after an archived URL showed that the threat actor uploaded a file containing their email address to one of Oracle's servers. Indeed, Oracle has consistently denied reports of a breach in Oracle Cloud since the incident surfaced, and this is correct to the extent that the breach was confined to an obsolescent platform, Oracle Cloud Classic.

The breach of an outdated platform has certainly had consequences for current users, and Oracle has now confirmed a breach of Oracle Health, which affected US healthcare organisations and hospitals. Oracle Health said it detected the breach of legacy data migration servers on February 20, 2025, and that the attackers used compromised customer credentials to penetrate these servers sometime after January 22, 2025.

This high-profile breach is the latest example of the risk to identity and access information, even when hosted by the most experienced cloud infrastructure providers.

Bloomberg | Bleeping Computer | CybelAngel | Reuters | Tech Market Review | Security Week
