Summary: Oracle has denied any breach of its cloud systems despite a threat actor claiming to sell 6 million records allegedly stolen from its SSO login servers. The company asserts that published credentials are not associated with Oracle Cloud and that no customers experienced a data loss. The hacker, known as rose87168, claims to have accessed sensitive data and is attempting to sell it on the BreachForums hacking forum.
Affected: Oracle Cloud
Keypoints :
- Oracle maintains that there has been no breach of its cloud services and denies the validity of the claimed stolen credentials.
- The hacker claims to possess various sensitive data types, including encrypted SSO passwords and enterprise keys, and seeks payment to remove affected company information from the leaked list.
- Allegedly, the attacker gained access to Oracle servers 40 days ago and is attempting to sell the data or offer it in exchange for decryption assistance.