Oracle Corporation has come under intense scrutiny this week following explosive claims by a hacker alleging unauthorized access to over 6 million records from Oracle Cloud. The threat actor, operating under the alias “rose87168,” posted details on an underground forum, asserting they obtained sensitive data including Java KeyStore files, encrypted credentials, and SSO configurations.
The alleged attacker claims the breach exploited a vulnerability in Oracle’s Single Sign-On (SSO) and LDAP systems. According to a detailed post by threat intelligence firm CloudSEK, the hacker has been offering the data for sale while also soliciting assistance to decrypt files.
Oracle has categorically denied the breach. In a statement provided to Bleeping Computer, a spokesperson stated:
“There has been no breach of Oracle Cloud. The published credentials are not for Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”
Cybersecurity professionals are divided. Some users on Reddit’s r/cybersecurity questioned the authenticity of the hacker's claims, citing the lack of confirmed customer impact. Others warn that the nature of the leak—if genuine—poses significant risk to Oracle’s clients and demands a transparent investigation.
This alleged breach echoes previous security events that raised similar doubts before eventually being confirmed. As the cyber threat landscape evolves, Oracle's steadfast denial and commitment to transparency will be tested by how it addresses growing concern and technical scrutiny from the security community.