Was Oracle Cloud Breached or Are the Claims Fraudulent?

March 25, 2025

The technology world is abuzz with controversy as Oracle Cloud faces allegations of a significant security breach. Claims have surfaced on a cyber-crime forum suggesting that Oracle’s public cloud service was compromised, resulting in the theft of sensitive customer data, including security keys. The alleged breach supposedly exploited a vulnerability in Oracle’s single-sign-on (SSO) login servers. Oracle, one of the leading providers in cloud computing, has firmly denied these allegations, asserting that there was no breach and no customer data was lost. This stance has been reiterated by a company spokesperson who emphasized that the disclosed credentials were not related to Oracle Cloud.

Allegations and Oracle’s Denial

The miscreant presenting these claims posted what they alleged to be proof of the breach. They shared a text file purportedly from an Oracle Cloud login server, suggesting unauthorized access had been obtained. According to the individual, data was exfiltrated from both the EM2 and US2 login servers, including Java KeyStore files, encrypted SSO and LDAP passwords, and other critical pieces of information. Despite these detailed assertions, Oracle has remained steadfast in its denial, maintaining there was no security compromise.

An interesting development in this saga comes from the infosec firm CloudSEK, which noted that the US2 server was running Oracle Fusion Middleware 11G and might have been vulnerable to CVE-2021-35587. This significant security flaw in the Oracle Access Manager’s OpenSSO Agent could have potentially allowed attackers to access sensitive information without needing authentication. However, the connection between this vulnerability and the claimed breach remains speculative, with Oracle continuing to dispute that any such breach occurred.

Miscreant’s Motivations and Actions

Complicating the narrative further, the miscreant attempted to monetize the alleged data theft. They sought to sell the stolen data on BreachForums, claiming to have attempted negotiations with Oracle for a $200 million cryptocurrency ransom. The data for sale reportedly involved thousands of Oracle Cloud customers, raising significant concerns about the potential impact if the claims were true. Adding to the complexity, the seller requested assistance decrypting the encrypted credentials to facilitate the illegal use of the data.

These actions highlight a growing trend where cyber-criminals not only steal data but also seek to leverage it for substantial financial gain. The cyber-criminal’s claim of having tried to extort a nine-figure sum from Oracle adds a dramatic twist to the story, making it harder to discern the truth. The conflicting narratives from Oracle and the miscreant continue to create uncertainty, leaving customers in a state of confusion and concern.

Implications for Cloud Security

The tech world is currently in turmoil as Oracle Cloud faces allegations regarding a major security breach. Reports have emerged on a cyber-crime forum claiming Oracle’s public cloud service was compromised, resulting in the theft of sensitive customer information, including security keys. Allegedly, this breach exploited a vulnerability in Oracle’s single-sign-on (SSO) login servers. However, Oracle, a frontrunner in the cloud computing industry, has strongly denied these accusations, insisting there was no security breach and no customer data was lost. A company spokesperson reiterated this stance, emphasizing that the credentials disclosed in the rumors were not connected to Oracle Cloud. Oracle remains firm on its position, underscoring its commitment to maintaining robust security protocols and ensuring the safety of its customers’ data. This situation highlights the ongoing concerns around cloud security and the importance of vigilance against potential vulnerabilities.
