- Oracle has begun sending data breach notification letters
- In the letters, it downplays the significance of the attack
- Not everyone agrees with this assessment
We now have confirmation that Oracle has started to inform its customers of a recent data breach. Apparently, the company went out of its way to stress that it was an irrelevant attack that will make no difference.
At the beginning of April 2025, a threat actor with the alias “Rose87168” opened a new thread on an underground forum to announce the sale of a database stolen from the company. The database contained six million records, including private security keys, encrypted credentials and LDAP entries, all belonging to Oracle customers.
To confirm the authenticity of the information, the attacker even uploaded a new file to the cloud, containing their own email address.
Oracle denies severity
Oracle first denied, and then confirmed, the breach, but said that it was an inconsequential attack because the servers were old and unused, and the data they held was outdated.
Now BleepingComputer reports that the email notification letters have started to go out: “Oracle would like to state unequivocally that the Oracle Cloud – also known as Oracle Cloud Infrastructure or OCI – has not experienced a security breach,” said the letter.
“No OCI customer environment has been penetrated. No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way,” it added in emails sent from [email protected], encouraging customers to contact Oracle support or their account manager if they have additional questions.
“A hacker accessed and published user names from two obsolete servers that were never part of OCI. The hacker did not expose usable passwords because the passwords on these two servers were encrypted and/or hashed. Therefore, the hacker could not access any customer environments or customer data.”
A report in The Register claims that data belonging to one of the victims was created in 2024. The investigation is currently underway, but so far it seems that the attacker exploited a vulnerability in Oracle Access Manager to breach the servers hosted by Oracle.
CrowdStrike cybersecurity experts are currently analyzing the incident. The FBI was also informed of the attack, Oracle confirmed.
Via BleepingComputer




