Oracle has firmly denied suffering a data breach after a hacker claimed to have stolen approximately 6 million records from Oracle Cloud’s federated Single Sign-On (SSO) servers.
According to Oracle’s statement, shared with security news outlet BleepingComputer, the company asserts that “there has been no breach of Oracle Cloud,” adding explicitly that none of its cloud customers experienced any data compromise or loss.
Hacker Claims Extensive Data Theft
The denial follows claims by an individual known as “rose87168,” who published multiple files reportedly containing LDAP details, database samples, and lists of companies allegedly compromised through Oracle’s SSO platform.
To substantiate these allegations, the hacker provided BleepingComputer with a link to a text file containing their ProtonMail email address, which was allegedly uploaded onto Oracle’s login servers (login.us2.oraclecloud.com). Oracle has not directly addressed this specific claim publicly.
Selling Allegedly Stolen Data
The hacker is currently offering the data—including encrypted SSO credentials, Java Keystore files, and JPS keys—for sale or exchange on the BreachForums hacking platform. They claim the encrypted passwords and hashed LDAP credentials can be decrypted or cracked using additional provided files.
In addition, rose87168 offered affected companies the option to pay for the removal of their data before it is publicly sold. They have also publicly requested assistance from others in decrypting the stolen credentials.
Oracle Allegedly Refused Ransom Demands
According to the hacker, they initially gained access to Oracle Cloud servers approximately 40 days prior and subsequently contacted Oracle, demanding a ransom of 100,000 XMR (Monero cryptocurrency) in exchange for details of the vulnerability and how to fix it. The attacker stated that Oracle refused to pay after it requested comprehensive disclosure without financial compensation.
The hacker alleged that Oracle’s cloud infrastructure is vulnerable due to a publicly known CVE flaw, which they claim lacks a publicly available exploit or proof-of-concept. BleepingComputer has been unable to independently confirm this allegation.
Security Concerns Remain Unresolved
Despite Oracle’s strong denial, the claims raise critical questions about the overall security posture of cloud-based authentication services. Organizations relying on Oracle Cloud’s infrastructure should remain vigilant, monitor security advisories, and stay prepared for potential developments or updates regarding these allegations.
Oracle customers are advised to closely follow official statements and proactively strengthen their authentication and monitoring measures.