The Oracle Cloud breach has raised concerns after multiple companies confirmed the validity of leaked data samples, contradicting Oracle’s firm denial of any security compromise.
A threat actor named ‘rose87168’ claimed to have infiltrated Oracle Cloud servers, stealing authentication data and encrypted passwords of 6 million users. Despite Oracle dismissing the claims, cybersecurity researchers and affected companies have provided evidence suggesting otherwise.
The hacker released text files containing database and LDAP data, along with a list of 140,621 allegedly impacted company domains. While some domains appeared to be test accounts, the authenticity of the leaked information was confirmed by multiple companies. Representatives, speaking on condition of anonymity, verified that email addresses, LDAP display names, and other identifying details belonged to them. This confirmation contradicts Oracle’s statement that no customer data was stolen.
Further strengthening the claim of a breach, the threat actor provided an Archive[.]org link to a file hosted on Oracle’s server that contained their email address. This suggests they were able to create files within Oracle’s system, an action only possible if a breach had occurred.
Additionally, the hacker shared email exchanges, one of which was sent to Oracle’s official security contact, claiming full access to 6 million accounts. Another email thread involved a person using a ProtonMail address, allegedly representing Oracle, though their identity remains unverified.
Security researchers have linked the alleged Oracle Cloud breach to a known vulnerability in Oracle Fusion Middleware 11g, tracked as CVE-2021-35587.
This flaw, which allows unauthorised attackers to compromise Oracle Access Manager, was present on the login[.]us2[.]oraclecloud[.]com server as of February 17, 2025. Following the breach reports, Oracle took this server offline but has not acknowledged any security failure or responded to further inquiries from cybersecurity experts.
The incident has left many questioning Oracle’s transparency regarding the situation. While the company insists no breach occurred, the evidence provided by security researchers and affected firms suggests otherwise. The hacker’s ability to access and distribute seemingly legitimate user data raises concerns about the safety of Oracle Cloud’s authentication systems.
With Oracle refusing to comment further, the questions surrounding the Oracle Cloud breach remain unresolved. Cybersecurity experts continue to urge organisations using Oracle services to review their security measures and be vigilant for potential risks.
