Oracle Denies Data Breach Amid Hacker Claims

A hacker announced stealing 6 million Oracle Cloud records from SSO login servers but Oracle rejects the breach happened.

Oracle rejected the reports of a security incident following a hacker who stated they took 6 million data records from Oracle Cloud’s federated SSO login servers. The hacking forum reported the suspected breach through a post from threat actor rose87168.

Oracle has completely denied the breach claim by declaring "There has been no breach of Oracle Cloud. The published credentials serve no purpose for Oracle Cloud systems. Oracle Cloud clients did not sustain any security breaches and all their data remained safe. The hacker demonstrated access to Oracle systems through providing a database record sample and LDAP information.

The reported hacker intends to use stolen data in transactions while seeking zero-day exploit trade possibilities. The hacker claims to possess stolen encryption key static SSO passwords together with Java Keystore JKS files and enterprise manager JPS keys.

The hacker asserted that Oracle Cloud servers remained exposed because of an unsecured security defect. The company Oracle has not acknowledged any system vulnerabilities yet and the independent verification process has yet to be completed.

The data security of customer information remains secured despite the cloud security concerns according to Oracle. The authentication of the hacker's claims remains under active assessment.