- Oracle began sending out data breach notifications
- In the letters, it downplays the significance of the attacks
- Not everyone agrees with this assessment
We now have confirmation that Oracle began notifying its customers of a recent data breach. Apparently, the company stood its ground, maintaining that it was an insignificant attack that will make no difference at all.
In early April 2025, a threat actor with the alias “Rose87168” opened a new thread on an underground forum to advertise the sale of a database stolen from the company. The database allegedly contained six million records, including private security keys, encrypted credentials and LDAP entries, all of which belonged to Oracle customers.
To confirm the authenticity of the information, the hacker even uploaded a new file to the cloud containing their own email address.
Oracle denies the severity
Oracle first denied and later confirmed the breach, but said it was an insignificant attack because the servers were old and unused and the data they contained was outdated.
Now, BleepingComputer reports that the notification letters have started going out by email: “Oracle would like to say unequivocally that the Oracle cloud - also known as Oracle Cloud Infrastructure or OCI - has not experienced a security breach,” the letter allegedly reads.
“No OCI customer environment has been penetrated. No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way,” it added in emails sent from [email protected], urging customers to contact Oracle Support or their account manager if they have further questions.
“A hacker gained access and published usernames from two outdated servers that were never part of OCI. The hacker exposed non-useful passwords because the passwords on these two servers were either encrypted and/or hashed. Therefore, the hacker was unable to access customer environments or customer data.”
A report from The Register claims that the data belonging to one of the victims was created by 2024. The investigation is currently ongoing, but so far it seems that the attacker took advantage of a vulnerability in Oracle Access Manager to breach Oracle host servers.
Cybersecurity experts at CrowdStrike are currently analyzing the incident. The FBI was also notified of the attack, Oracle has confirmed.
Via BleepingComputer