Home Innovation Oracle Oracle Cloud Service Gets Hack...

Oracle Cloud Service Gets Hacked and Cybersecurity Breach Confirmed

Oracle

Business Honor
08 April, 2025

Oracle denies breach, but investigation confirms hacker stole data; FBI and CrowdStrike involved.

In late March, reports of a cyberattack on Oracle's cloud service surfaced when an individual using the handle "rose87168" claimed to have breached two of Oracle's login servers for customers. The hacker reportedly stole approximately six million records, including private security keys, encrypted credentials, and LDAP entries. The individual then offered the stolen data, affecting thousands of organizations, for sale on a cybercrime forum.

The massive database company managed by Safra Catz swore blindly that the charges were untrue. As it happens, the denials were the only thing that was untrue. Several information security specialists examined samples of the stolen data that Rose87168 shared as evidence of their theft and came to the conclusion that the thief had in fact compromised Oracle's Cloud Classic product, most likely by taking advantage of login servers hosted by Oracle that were not patched against CVE-2021-35587, a vulnerability in Oracle Access Manager, a product in the Oracle Fusion Middleware suite.

To demonstrate that they had access at one time, the data thief even produced a text file on in early March that contained their email address. According to two of the IT giant's clients, Oracle reached out to them in private to discuss the theft of their data from its cloud service and had hired CrowdStrike to clean up the damage. The antivirus specialist "respectfully" sent The Register to Oracle, refusing to verify this. The FBI is reportedly looking into the incident as well.

It is hoped that Oracle has not violated the General Data Protection Regulation, also known as the GDPR, which mandates that businesses notify the impacted parties of consumer data theft within 72 hours of it being discovered. If not, the company might be fined two to four percent of its worldwide sales. Given that attorneys are now searching for harmed individuals, Oracle may possibly encounter class-action issues.