Oracle Cloud's breach denial challenged by security experts and customers
- A hacker named rose87168 claims to have breached Oracle Cloud's login servers and stolen sensitive customer data.
- Oracle Cloud has denied any breach, stating that the credentials in question do not belong to its services.
- The dispute over the authenticity of the data continues as some customers confirm the legitimacy of the leaked information.
In the United States, Oracle Cloud has been at the center of controversy following allegations of a security breach, with claims that customer data has been stolen. Reports emerged that a hacker identified as rose87168 purportedly compromised Oracle Cloud's login servers, exploiting a security vulnerability to extract sensitive information. The attacker then attempted to sell around six million records, including customer security keys and encrypted credentials, on an online forum. Despite the gravity of these claims, Oracle has categorically denied the breach, asserting that the published credentials are not associated with their cloud services and no customer data has been lost.
Research from infosec professionals indicated that some of the data allegedly extracted by the hacker appeared authentic, leading to further scrutiny of Oracle's assertions. Several customers corroborated the existence of the leaked data and confirmed that it included legitimate information from their environments. According to a leading infosec expert, Alon Gal from Hudson Rock, at least three customers have verified that the data samples shared with them from the Oracle environment are genuine, raising red flags about Oracle's claims.
The hacker had approached Oracle prior to the public announcement of the breach, requesting over $200 million in cryptocurrency for details on the purported heist. Following Oracle's refusal to cooperate, this information was subsequently offered for sale online.
With the potential for sensitive data being leaked, including encrypted login passwords and security keys, cybersecurity experts warn businesses to strengthen their security measures, suggesting rotation of SSO and LDAP credentials and the implementation of strict password policies. Oracle's failure to adequately patch its systems and address the vulnerability before the alleged breach has led to significant concern among clients and industry watchers.
As the situation unfolds, the implications of this potential data theft could be severe, jeopardizing the security of a vast number of Oracle Cloud users. Organizations are urged to take proactive measures to assess and mitigate potential risks. The conversation around incident response and security integrity for cloud services continues as increased scrutiny is placed on Oracle Cloud’s security protocols and their ability to protect customer data from unauthorized access.