• Cybersecurity firm CloudSEK claims a threat actor has accessed and is selling six million Oracle Cloud records, including sensitive credentials and keys.
• Oracle has denied the breach, but CloudSEK maintains its findings, urging further investigation and transparency to assess potential security risks.

A cybersecurity firm has reported a potential data breach involving Oracle Cloud, while the tech giant has denied any such incident. CloudSEK, a cybersecurity research company, identified a threat actor, ‘rose87168,’ allegedly selling six million records from Oracle Cloud on March 21.

The compromised data reportedly included Java KeyStore (JKS) files, encrypted Single Sign-On (SSO) passwords, key files, and enterprise manager JPS keys.

CloudSEK suggested that an undisclosed vulnerability on the login.(region-name).oraclecloud.com domain might have enabled unauthorized access, leading to the data breach. However, Oracle refuted these claims in a statement shared with cybersecurity publication Dark Reading.

In response to Oracle’s denial, CloudSEK reaffirmed its findings and expressed concerns over how the situation was being handled.

"We believe there was a lack of judgment at the end of Oracle, and we intend to publish more details that would help the community and Oracle to investigate the incident better," CloudSEK stated.
"At CloudSEK, we believe in transparency and evidence-based validation—not to create panic, but to enable preparedness, which we have been doing for the last 10 years."

As part of its investigation, CloudSEK reported that the threat actor had shared a sample of 10,000 lines of customer data as proof of the breach. The evidence included a file created on the ‘login.us2.oraclecloud.com’ domain, which was archived along with the attacker's email.

A background check conducted by CloudSEK reportedly confirmed that the sample data contained real Oracle Cloud customer information rather than test accounts. The company also claimed that the domain linked to the incident was a live production SSO setup, reinforcing its assertion that the breach was legitimate.

Some independent security researchers have also supported CloudSEK's findings, suggesting that the breach could impact over 1,500 organizations. The potential consequences include unauthorized access, corporate espionage, and financial and reputational risks for affected enterprises.

CloudSEK and other cybersecurity experts continue to monitor the situation and urge Oracle to disclose more information regarding the alleged breach.

Edited by Harshajit Sarmah