- A threat actor is offering a database for sale, claiming that it came from Oracle
- The file contains SSO passwords and more
- Oracle denied having been breached or losing data
Oracle has denied suffering a cyber attack and data breach, after a hacker claimed to have stolen millions of records from the company’s servers.
In mid-March 2025, a threat actor with the alias Rose87168 posted 6 million data records, claiming that they were taken from Oracle Cloud’s federated SSO login servers. The file published on the dark web included a sample database, LDAP information and a list of companies.
Perhaps as expected, Oracle was having none of that, issuing a statement declaring: “There has been no breach of Oracle Cloud. Published credentials are not for Oracle Cloud. No Oracle Cloud client experienced a breach or lost data.”
SSO passwords encrypted
Meanwhile, Rose87168 put the file up for sale, in exchange for an undisclosed sum of money or zero-day exploits.
The threat actor states that the data includes encrypted SSO passwords, Java KeyStore files, key files, Enterprise Manager JPS keys and more.
“The SSO passwords are encrypted; they can be decrypted with the available files. The LDAP password can also be cracked,” Rose87168 said.
“I will list the domains of all companies in this leak. Companies can pay a specific amount to remove their employees’ information from the list before it is sold.”
Before listing the stolen file for sale, the threat actor apparently asked Oracle for 100,000 XMR (the Monero cryptocurrency), but the company demanded “all the necessary information for the solution and the patch”, and since Rose87168 did not provide it, the negotiations broke down.
To show that the stolen files were legitimate, the threat actor gave BleepingComputer a URL for the Internet Archive, which shows that they uploaded a .txt file containing their email address to the login.us2.oraclecloud.com server.
The publication reached out to Oracle for an explanation; we have also contacted the company for comment.