Despite Oracle’s repeated denials, mounting evidence suggests a major data breach has compromised the company’s federated Single Sign-On (SSO) systems. According to BleepingComputer, a threat actor named βrose87168β claims to have stolen authentication data, including encrypted passwords and user details, from six million Oracle Cloud users.
π΄ What We Know So Far
- A hacker posted on a dark web forum, offering Oracle Cloud login credentials for sale.
- Leaked LDAP records, encrypted passwords, and user data allegedly belong to thousands of organizations, including government agencies.
- The hacker provided a direct link to a file hosted on Oracle’s servers, hinting at unauthorized access.
- Cybersecurity firm Cloudsek found that an outdated Oracle server was running Fusion Middleware 11g, vulnerable to CVE-2021-35587, a known flaw in Oracle Access Manager.
π¨ Oracleβs Response: Denial Despite Verified Data
Oracle firmly denies the breach, stating:
“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
However, leaked data samples verified by cybersecurity experts suggest otherwise. Several affected organizations have confirmed that the compromised credentials match real users within their companies.
π Is Your Data at Risk? What You Should Do NOW!
πΉ Change your Oracle Cloud password immediately.
πΉ Enable Multi-Factor Authentication (MFA) to prevent unauthorized logins.
πΉ Monitor for suspicious login attempts and unusual activity in your cloud environment.
πΉ Stay alert for phishing emails targeting Oracle users in the wake of this breach.
π The Bigger Picture: A Growing Cloud Security Crisis?
This potential breach raises serious concerns about Oracleβs security posture and its ability to protect critical enterprise data. The cloud computing industry is under increasing pressure to address vulnerabilities proactively before they can be exploited at this scale.
π Follow for updates on the latest cybersecurity threats!