{"id":427,"date":"2025-09-22T11:36:05","date_gmt":"2025-09-22T01:36:05","guid":{"rendered":"https:\/\/qld.cybersafebusiness.au\/index.php\/2025\/09\/22\/oracle-quietly-notifies-customers-after-possible-cloud-breach-despite-public-denials\/"},"modified":"2025-09-22T11:36:05","modified_gmt":"2025-09-22T01:36:05","slug":"oracle-quietly-notifies-customers-after-possible-cloud-breach-despite-public-denials","status":"publish","type":"post","link":"https:\/\/qld.cybersafebusiness.au\/index.php\/2025\/09\/22\/oracle-quietly-notifies-customers-after-possible-cloud-breach-despite-public-denials\/","title":{"rendered":"Oracle Quietly Notifies Customers After Possible Cloud Breach, Despite Public Denials"},"content":{"rendered":"<p>Oracle is privately informing some customers about a possible cloud system breach\u2014despite publicly denying that any such incident occurred.<\/p>\n<p>A hacker known as &#8220;rose87168&#8221; has claimed responsibility for the breach, offering for sale what they say is data from over 140,000 Oracle Cloud customers, including encrypted login credentials. Initially, the hacker demanded $20 million from Oracle in exchange for not releasing the data. When that failed, they attempted to sell the information or trade it for zero-day exploits.<\/p>\n<p>In response to media attention, Oracle publicly denied the claims, stating:<\/p>\n<p>\u201cThere has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.\u201d<\/p>\n<p>Despite this, the hacker has released multiple pieces of evidence to support their claims:<\/p>\n<ul>\n<li>A sample of 10,000 user records\n<\/li>\n<li>A file showing alleged access to Oracle cloud environments\n<\/li>\n<li>User credentials\n<\/li>\n<li>A video reportedly recorded during an internal Oracle meeting\n<\/li>\n<\/ul>\n<p>Cybersecurity experts have reviewed some of the data and believe it to be genuine. 
The report shows that some Oracle Cloud users have confirmed their information was indeed leaked.<\/p>\n<p>While Oracle continues to publicly deny any breach, independent reports suggest otherwise. According to Bloomberg, Oracle has started quietly notifying affected customers, acknowledging a breach involving usernames, passkeys, and encrypted passwords. The incident is now under investigation by both the FBI and CrowdStrike, a leading cybersecurity firm.<\/p>\n<p>Oracle reportedly told some customers that:<\/p>\n<ul>\n<li>The breach was tied to a legacy system that has not been in use for over eight years\n<\/li>\n<li>The exposed credentials pose little risk\n<\/li>\n<\/ul>\n<p>However, a separate source told Bloomberg that some of the stolen credentials are from 2024, suggesting that more recent systems may also be affected.<\/p>\n<p>Security firm CybelAngel reported that the breach impacted \u201cGen 1\u201d cloud servers (older Oracle cloud systems), while newer \u201cGen 2\u201d servers were not involved. According to their unnamed source:<\/p>\n<ul>\n<li>The compromised data is at least 16 months old\n<\/li>\n<li>It does not include full personal data\n<\/li>\n<li>The attacker gained access via a 2020 Java vulnerability\n<\/li>\n<li>Malware and a webshell were installed, targeting Oracle&#8217;s identity management database\n<\/li>\n<li>Oracle discovered the issue in late February 2025\n<\/li>\n<li>The hacker was removed in early March, following the first ransom demand\n<\/li>\n<\/ul>\n<p>The hacker also claims they accessed data from 2025, further complicating Oracle\u2019s public denials.<\/p>\n<p>Cybersecurity researcher Kevin Beaumont, who has been monitoring the situation, said that Oracle has only notified affected customers verbally, with no written communication. 
He believes Oracle is using vague wording to avoid admitting that its cloud services were breached.<\/p>\n<p>Beaumont suggests that calling the affected systems \u201cOracle Classic\u201d instead of \u201cOracle Cloud\u201d may be a strategic move to deflect responsibility.<\/p>\n<p>\u201cOracle are attempting to wordsmith statements around Oracle Cloud\u2026 This is not okay,\u201d Beaumont said. \u201cThey need to clearly, openly, and publicly communicate what happened, how it impacts customers, and what they\u2019re doing about it.\u201d<\/p>\n<p>Adding to the confusion, reports have also surfaced about a separate Oracle Health breach. According to Bleeping Computer, that incident involves patient data from multiple U.S. healthcare providers and appears to be unrelated to the cloud breach.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oracle is privately informing some customers about a possible cloud system breach\u2014despite publicly denying that any such incident occurred. 
A hacker known as &#8220;rose87168&#8221; has claimed responsibility for the breach, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":426,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=427"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/427\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/426"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}