Oracle denies breach after hacker claims theft of 6 million data records

As further proof that they had access to Oracle Cloud servers, the threat actor shared this URL with BleepingComputer, showing an Internet Archive URL that indicates they uploaded a .txt file containing their ProtonMail email address to the login.us2.oraclecloud.com server. The threat actor told BleepingComputer they gained access to Oracle Cloud servers around 40 days ago and claimed to email the company after exfiltrating data from the US2 and EM2 cloud regions. Oracle denies it was breached after a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers. BleepingComputer contacted Oracle again to explain how the threat actor uploaded a text file containing their email address without access to Oracle Cloud servers. This statement comes after a threat actor known as rose87168 released multiple text files yesterday containing a sample database, LDAP information, and a list of the companies that they claimed were stolen from Oracle Clouds' SSO platform. They say the data (including encrypted SSO passwords, Java Keystore (JKS) files, key files, and enterprise manager JPS keys) was stolen after hacking into 'login.(region-name).oraclecloud. com' Oracle servers. rose87168 is now selling the allegedly stolen data from Oracle Cloud's SSO service for an undisclosed price or in exchange for zero-day exploits on the BreachForums hacking forum. No Oracle Cloud customers experienced a breach or lost any data," the company told BleepingComputer.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 21 Mar 2025 20:45:23 +0000

Cyber News related to Oracle denies breach after hacker claims theft of 6 million data records

Electronic Frontier Foundation - We're not just talking about the ballot box, but the everyday power we all have to demand government agencies make their records and data available to public scrutiny. At every level of government in the United States, there are laws that empower the ...
1 year ago Eff.org

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com

Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
2 years ago Securityboulevard.com

31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
2 years ago Pandasecurity.com

Oracle says "obsolete servers" hacked, denies cloud breach - BleepingComputer has also separately confirmed with multiple Oracle customers that samples of the leaked data (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor ...
9 months ago Bleepingcomputer.com

Oracle denies breach after hacker claims theft of 6 million data records - As further proof that they had access to Oracle Cloud servers, the threat actor shared this URL with BleepingComputer, showing an Internet Archive URL that indicates they uploaded a .txt file containing their ProtonMail email address to the ...
9 months ago Bleepingcomputer.com

Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
9 months ago Bleepingcomputer.com

Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
2 years ago Bleepingcomputer.com

Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com

Data Breaches in US Schools Exposed 37.6M Records - Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded - a dramatic rise from 139 in ...
1 year ago Infosecurity-magazine.com

Hacked and Exposed: BSNL's Battle Against a Dark Web Data Breach - A hacker named Ellis is now selling thousands of internet and landline records from the telecom operator BSNL on the dark web, as a result of a data breach that saw the operator suffer a data breach in the recent past. BSNL users' sensitive ...
2 years ago Cysecurity.news

Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 year ago Bleepingcomputer.com Hunters

Identity Crisis: 14 Million Individuals at Risk After Mortgage Lender's Data Breach - Mr Cooper, the private mortgage lender, has now admitted almost 14.7 million individuals' private data has been stolen in a previous IT security breach, which resulted in the theft of their addresses and bank account numbers, but it is estimated the ...
2 years ago Cysecurity.news Meow

Oracle Health breach compromises patient data at US hospitals - In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in ...
9 months ago Bleepingcomputer.com

Hacker leaks millions of new 23andMe genetic data profiles - A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe ...
2 years ago Bleepingcomputer.com Rocke Hunters

General Electric investigates claims of cyber attack, data theft - General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data. General Electric is an American multinational company with divisions in power, renewable ...
2 years ago Bleepingcomputer.com Hunters

Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record from Recorded Future News - Last year, a man behind a $110 million theft from defunct crypto platform Mango Markets was convicted in federal court despite having negotiated with the platform to return the funds. The person behind the theft began transferring the funds in $5 ...
6 months ago Therecord.media

Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 year ago Bleepingcomputer.com Hunters

D-Link confirms data breach after employee phishing attack - Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. The attacker claims to have stolen source code for D-Link's D-View ...
2 years ago Bleepingcomputer.com

Europol confirms web portal breach, says no operational data stolen - Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only documents containing ...
1 year ago Bleepingcomputer.com

CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
6 years ago

FTC orders Blackbaud to boost security after massive data breach - Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based ...
1 year ago Bleepingcomputer.com

Delta Dental says data breach exposed info of 7 million people - Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people ...
2 years ago Bleepingcomputer.com CVE-2023-34362

Delta Dental of California data breach exposed info of 7 million people - Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental of California is a dental insurance provider ...
2 years ago Bleepingcomputer.com CVE-2023-34362