Summary: A hacker named ‘rose87168’ has claimed to have breached Oracle Cloud, allegedly stealing data related to 6 million users, despite Oracle’s adamant denial of any breach. Multiple companies have confirmed the authenticity of the leaked data samples, including personal and account information. Evidence suggests that the threat actor had access to Oracle’s servers, raising serious questions about the security of the cloud platform.
Affected: Oracle Cloud
Keypoints :
- Hacker claims to have stolen authentication data and encrypted passwords for 6 million users.
- Oracle disputes any breach, maintaining no customer data has been lost.
- Multiple companies verified the validity of the leaked data after independent verification.
- The attacker shared email exchanges suggesting they reported vulnerabilities to Oracle.
- Security vulnerabilities like CVE-2021-35587 in Oracle Fusion Middleware may be linked to the breach.