- A threat actor offers a database for sale, alleging that she came from Oracle
- The archive contains encrypted SSO passwords and more
- Oracle denied having been raped or losing data
Oracle denied having suffered from a cyber attack and a data violation, following the allegations of a pirate for having stolen millions of files from the company’s servers.
In mid-March 2025, a threat player from the alias Rose87168 published 6 million data files, saying that they were seized with the Federated SSO connection servers. The archive published on the Dark web included an example of a database, LDAP information and a list of companies.
Unsurprisingly, Oracle had nothing, publishing a declaration declaring: “There was no violation of Oracle Cloud. The published identification information is not for Oracle Cloud. No customer of Oracle Cloud has experienced a violation or has lost any data.”
SSO Passwords encrypted
Meanwhile, Rose87168 has taken the archives for sale, in exchange for an undisclosed money, ie zero-day exploits.
The threat actor claims that the data include sso -encrypted SSO passwords, Java Keystore (JKS) files, key files, business manager keys, etc.
“SSO passwords are encrypted, they can be deciphered with the available files. In addition, the LDAP hasty password can be cracked,” said Rose87168.
“I will list the areas of all companies in this leak. Companies can pay a specific amount to delete information from their employees from the list before its sale.”
Before registering the stolen archives for sale, the threat actor apparently asked Oracle 100,000 XMR (the monero cryptocurrency), but the company also demanded “all the information necessary for the correction and the correction”, and since Rose87168 did not provide, the negotiations are broken.
To prove that stolen files were legitimate, the threat actor gave Bleeping Compompute A URL for Internet Archive, which shows that they have downloaded a .TXT file containing their e-mail address on the login.us2.oraclecloud.com server.
The publication contacted Oracle for an explanation – we also contacted the company to comment.
