Oracle says "obsolete servers" hacked, denies cloud breach

Date:
Fri, 11 Apr 2025 15:00:00 +0000

Description:
A recent hack keeps making headlines as hackers sell the data and Oracle downplays their importance.

FULL STORY

We now have confirmation that Oracle started notifying its customers about a recent data breach. Apparently, the company stood its ground that it was an irrelevant attack that will make no difference whatsoever.

In early April 2025, a threat actor with the alias rose87168 opened a new thread on an underground forum to advertise the sale of a database stolen
from the company. The database allegedly contained six million records, including private security keys, encrypted credentials, and LDAP entries, all belonging to Oracle customers.

To confirm the authenticity of the information, the hacker even uploaded a
new document to the cloud, containing their own email address.

Oracle denies severity

Oracle first denied, and later confirmed the breach, but said it was a pointless attack since the servers were old and unused, and the data
contained within was outdated.

Now, BleepingComputer reports that email notification letters started going out: "Oracle would like to state unequivocally that the Oracle Cloud also
known as Oracle Cloud Infrastructure or OCIhas NOT experienced a security breach," the letter allegedly reads.

"No OCI customer environment has been penetrated. No OCI customer data has
been viewed or stolen. No OCI service has been interrupted or compromised in any way," it added in emails sent from replies@oracle-mail.com, prompting customers to contact Oracle Support or their account manager if they have additional questions.

"A hacker did access and publish user names from two obsolete servers that
were never a part of OCI. The hacker did not expose usable passwords because the passwords on those two servers were either encrypted and/or hashed. Therefore the hacker was not able to access any customer environments or customer data."

A report from The Register claims the data belonging to one of the victims
was created in 2024. The investigation is currently ongoing but so far it
seems that the attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers.

Cybersecurity experts CrowdStrike are currently analyzing the incident. The
FBI was also notified about the attack, Oracle has confirmed.

Via BleepingComputer

======================================================================
Link to news story: https://www.techradar.com/pro/security/oracle-says-obsolete-servers-hacked-den ies-cloud-breach

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

Mike Powell wrote to All <=-

Oracle says "obsolete servers" hacked, denies cloud breach

We now have confirmation that Oracle started notifying its customers
about a recent data breach. Apparently, the company stood its ground
that it was an irrelevant attack that will make no difference
whatsoever.

So they kept ganked, obsolete shite online? Apparently there's a
difference between "Oracle cloud" and "Oracle Cloud"? Sounds like spin,
looks like spin...


--- MultiMail/Win v0.52
* Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/1)

Oracle says "obsolete servers" hacked, denies cloud breach

We now have confirmation that Oracle started notifying its customers about a recent data breach. Apparently, the company stood its ground that it was an irrelevant attack that will make no difference whatsoever.

So they kept ganked, obsolete shite online? Apparently there's a
difference between "Oracle cloud" and "Oracle Cloud"? Sounds like spin,
looks like spin...

Based on this and several previous articles, I agree... it is making me
dizzy like a spin. ;)


* SLMR 2.1a * A momentary lapse of reason that binds a life to a life..
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)