Oracle Corporation has officially denied a breach of its Oracle Cloud federated single sign-on (SSO) login servers, even as multiple companies confirm the validity of data samples allegedly stolen from the tech giant. The dispute arose after a threat actor known as ‘rose87168’ claimed to have compromised Oracle’s servers and began selling authentication data for 6 million users, including encrypted passwords.
According to a report from BleepingComputer, the individual shared several text files consisting of potentially sensitive information, including LDAP data and a listing of 140,621 domains of companies that may have been affected. With many of the domains appearing dubious, some analysts express concern about the credibility of the claims.
In addition to the raw data, rose87168 provided an Archive.org URL to a text file hosted on Oracle’s server, which contained the threat actor’s email address. This purportedly shows that the hacker was able to create files on Oracle’s infrastructure, suggesting a serious security breach.
Despite these alarming claims, Oracle’s representatives have steadfastly asserted that no customer data has been compromised, stating, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data,” as reported by BleepingComputer.
Contrary to Oracle’s claims, representatives from various companies confirmed the authenticity of the leaked data, which included LDAP display names and email addresses matching their records. Email exchanges shared by the hacker reportedly detail communications with Oracle’s security team, indicating serious vulnerabilities that could endanger user information.
Moreover, cybersecurity firm CloudSEK discovered that the compromised server, allegedly linked to the breach, was operating an outdated version of Oracle Fusion Middleware, which had known vulnerabilities that attackers could exploit. The server was taken offline shortly after reports of the breach emerged.
This incident raises significant concerns about the security measures employed by Oracle, highlighting a potential oversight in managing user data. As investigations continue, the technology industry anxiously awaits Oracle’s next steps and whether further revelations will emerge regarding the severity of this alleged breach.