Oracle Cloud Now Admits To Having Been Hacked

Following an initial denial, Oracle has now admitted to customers that a hacker broke into a computer system and stole ‘old’ client log-in credentials after breaching a legacy environment last used in 2017. 

However, while Oracle told customers that this is ‘old’ legacy data and that it is not sensitive, the threat actor behind the attack has posted new data from 2025 on a hacking forum. 

Now, Oracle has told clients that it has called in the leading cyber security firm, CrowdStrike, who are investigating the incident.

Another security firm, CybelAngel, first revealed that Oracle told clients that an attacker who gained access to the company's Gen 1 servers, also known as Oracle Cloud Classic, as early as January 2025 used a 2020 Java exploit to deploy a web shell and additional malware.

During the breach, detected in late February, the attacker, known as @rose87168, allegedly exfiltrated data from the Oracle Identity Manager (IDM) database, including user emails, hashed passwords, and usernames.

This comes after a threat actor placed 6 million data records for sale on a Dark Web criminal forum on March 20th 2025 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the data was legitimate, all of them apparently stolen from Oracle Cloud's federated SSO login servers.

Oracle continued to deny this, even after an archived URL showed that the threat actor uploaded a file containing their email address to one of Oracle's servers. Indeed, Oracle has consistently denied reports of a breach in Oracle Cloud since the incident surfaced, and this is correct to the extent that the breach was confined to an obsolescent platform, Oracle Cloud Classic.

The breach of an outdated platform has certainly had consequences for current users, and Oracle has now confirmed a breach of Oracle Health, which affected US healthcare organisations and hospitals. Oracle Health said it detected the breach of legacy data migration servers on February 20, 2025, and that the attackers used compromised customer credentials to penetrate these servers sometime after January 22, 2025.

This high-profile breach is the latest example of the risk to identity and access information, even when hosted by the most experienced cloud infrastructure providers.

Bloomberg | Bleeping Computer | CybelAngel | Reuters | Tech Market Review | Security Week

Image: Ideogram
