Oracle Cloud Breach
A cybercriminal known as “Rose87168” has claimed responsibility for a significant breach of Oracle Cloud, threatening to release or sell the compromised data. The hacker alleges possession of 6 million records, impacting over 140,000 tenants. After its initial denials, Oracle has remained largely silent on the matter and has declined to comment on the breach.
Security researchers from CloudSEK have provided evidence supporting the hacker’s claims, suggesting that the breach may have exploited a critical vulnerability—CVE-2021-35587—in Oracle Access Manager. This flaw could allow unauthorized access to sensitive information. The compromised data reportedly includes single sign-on credentials, LDAP passwords, OAuth2 keys, and tenant information.
Trustwave SpiderLabs has also analyzed the situation, confirming that the breach is genuine and noting that the hacker is offering the stolen data for sale, categorized by company name and other criteria. The cybersecurity community continues to monitor the situation closely as more details emerge.