Summary: A hacker claimed to have exfiltrated 6 million records from Oracle Cloud, including sensitive data such as customer security keys and email addresses, by exploiting a vulnerability in one of its Single Sign-On servers. Despite the hacker’s assertion and evidence of the breach, Oracle has denied any security compromise. The hacker attempted to extort Oracle for 0 million before making the data public, which includes various types of encrypted and hashed credentials.
Affected: Oracle Cloud
Keypoints :
- Hacker posted on BreachForums, claiming to have stolen data by exploiting a vulnerability.
- Oracle conducted an internal investigation and stated no breach occurred, contradicting the hacker’s claims.
- Stolen data includes sensitive security keys and customer information, with an alleged ransom demand of 0 million.
Source: https://securityonline.info/breachforums-claims-millions-of-oracle-cloud-records-stolen/