- Oracle has begun sending data breach notification letters
- In the letters, it downplays the significance of the attack
- Not everyone agrees with that assessment
We now have confirmation that Oracle has begun notifying its clients about the recent data breach. The company apparently still maintains that it was an insignificant attack that will make no difference.
At the beginning of April 2025, a threat actor using the alias “Rose87168” opened a new thread on an underground forum to announce the sale of a database stolen from the company. The database supposedly contained six million records, including private security keys, encrypted credentials and LDAP tickets, all belonging to Oracle clients.
To confirm the authenticity of the information, the hacker even uploaded a new document to the cloud, containing their own email address.
Oracle downplays the severity
Oracle first denied it and then confirmed the breach, but said the attack was inconsequential because the servers were old and unused, and the data they contained was outdated.
Now, BleepingComputer reports that the notification emails have started going out: “Oracle would like to state unequivocally that Oracle Cloud, also known as Oracle Cloud Infrastructure or OCI, has not experienced a security breach,” the letter reportedly says.
“No OCI customer environment has been penetrated. No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way,” added the emails sent to [email protected], which ask customers to contact Oracle Support or their account administrator if they have additional questions.
“A hacker accessed and published user names from two obsolete servers that were never part of OCI. The hacker did not expose usable passwords because passwords on those two servers were encrypted and/or hashed. Therefore, the hacker could not access any customer environment or customer data.”
A registration report states that the data belonging to one of the victims was created in 2024. The investigation is still in progress, but so far it appears that the attacker exploited a vulnerability in Oracle Access Manager to breach the servers hosted by Oracle.
Cybersecurity experts at CrowdStrike are currently analyzing the incident. Oracle confirmed that the FBI was also notified about the attack.
Via BleepingComputer