Home Innovation Oracle Oracle Faces Growing Pressure ...

Oracle Faces Growing Pressure over Cloud Data Breach Claims Amid Leaked Evidence

Oracle

Business Honor
28 March, 2025

Oracle's denial of a breach is challenged as proof of stolen data surfaces.

Oracle's recent rejection of claims regarding a data breach affecting its Oracle Cloud federated SSO login servers is under increasing scrutiny. Despite the company's denial, multiple cybersecurity experts and affected organizations have confirmed the authenticity of stolen data circulating on the dark web. These developments have raised questions about Oracle's response and its handling of the situation.

The breach was initially reported by a hacker identified as “rose87168,” who claimed to be selling six million records containing sensitive account information from Oracle Cloud customers. The data leak appears to have stemmed from vulnerability within a now-removed Oracle Cloud subdomain. According to CloudSEK, a cybersecurity firm, this flaw may have allowed unauthorized access and the exfiltration of confidential data.

While Oracle has consistently dismissed the breach as unsubstantiated, investigations by independent researchers and organizations that are clients of Oracle have confirmed the stolen data matches records from affected clients. Additionally, the threat actor uploaded files directly to an Oracle login server, further suggesting the breach's legitimacy.

Adam Pilton, Senior Cybersecurity Consultant at CyberSmart, pointed out that Oracle's outright denial is becoming harder to maintain. "Affected customers have now verified the stolen data as genuine, making it difficult to dismiss the breach," Pilton said. He noted that Oracle’s security incident policies require prompt notification of affected parties, yet the company has not offered clear updates to the public.

As Oracle continues to downplay the severity of the incident, experts urge organizations using Oracle Cloud to take precautionary steps, such as reviewing security protocols, enabling multi-factor authentication (MFA), and resetting login credentials to mitigate any ongoing risks.